SSCP Exam Questions

Total 1048 Questions

Last Updated Exam : 18-Jun-2025

Topic 2: Security Operations and Administration

Which of the following does not address Database Management Systems (DBMS) security?

A. Perturbation
B. Cell suppression
C. Padded cells
D. Partitioning

Answer: C. Padded cells

Padded cells complement Intrusion Detection Systems (IDSs) and are not related to DBMS security. Padded cells are simulated environments to which IDSs seamlessly transfer detected attackers; they are designed to convince an attacker that the attack is going according to plan. Cell suppression is a technique used against inference attacks: information is not revealed when a statistical query produces a very small result set. Perturbation also addresses inference attacks but involves making minor modifications to the results of a query. Partitioning involves splitting a database into two or more physical or logical parts; it is especially relevant for multilevel secure databases.

Source: LaROSA, Jeanette (domain leader), Application and System Development Security CISSP Open Study Guide, version 3.0, January 2002.

An architecture where there are more than two execution domains or privilege levels is called:

A. Ring Architecture.
B. Ring Layering
C. Network Environment.
D. Security Models

Answer: A. Ring Architecture.

Explanation: In computer science, hierarchical protection domains, often called protection rings, are a mechanism to protect data and functionality from faults (fault tolerance) and malicious behavior (computer security). This approach is diametrically opposite to that of capability-based security.

Computer operating systems provide different levels of access to resources. A protection ring is one of two or more hierarchical levels or layers of privilege within the architecture of a computer system. This is generally hardware-enforced by some CPU architectures that provide different CPU modes at the hardware or microcode level. Rings are arranged in a hierarchy from most privileged (most trusted, usually numbered zero) to least privileged (least trusted, usually with the highest ring number). On most operating systems, Ring 0 is the level with the most privileges and interacts most directly with the physical hardware such as the CPU and memory.

Special gates between rings are provided to allow an outer ring to access an inner ring's resources in a predefined manner, as opposed to allowing arbitrary usage. Correctly gating access between rings can improve security by preventing programs from one ring or privilege level from misusing resources intended for programs in another. For example, spyware running as a user program in Ring 3 should be prevented from turning on a web camera without informing the user, since hardware access should be a Ring 1 function reserved for device drivers. Programs such as web browsers running in higher numbered rings must request access to the network, a resource restricted to a lower numbered ring.

All of the other answers are incorrect because they are distractors.

References:
OIG CBK Security Architecture and Models (page 311)
and
https://en.wikipedia.org/wiki/Ring_%28computer_security%29

The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address?

A. integrity and confidentiality.
B. confidentiality and availability.
C. integrity and availability.
D. none of the above.

Answer: C. integrity and availability.

TCSEC focused on confidentiality, while ITSEC added integrity and availability as security goals.

The following answers are incorrect:
integrity and confidentiality. Is incorrect because TCSEC addressed confidentiality.
confidentiality and availability. Is incorrect because TCSEC addressed confidentiality.
none of the above. Is incorrect because ITSEC added integrity and availability as security goals.

What does "System Integrity" mean?

A. The software of the system has been implemented as designed.
B. Users can't tamper with processes they do not own.
C. Hardware and firmware have undergone periodic testing to verify that they are functioning properly.
D. Design specifications have been verified against the formal top-level specification.

Answer: C. Hardware and firmware have undergone periodic testing to verify that they are functioning properly.

System Integrity means that all components of the system cannot be tampered with by unauthorized personnel and that it can be verified that they work properly.

The following answers are incorrect:
The software of the system has been implemented as designed. Is incorrect because this would fall under Trusted system distribution.
Users can't tamper with processes they do not own. Is incorrect because this would fall under Configuration Management.
Design specifications have been verified against the formal top-level specification. Is incorrect because this would fall under Specification and verification.

References:
AIOv3 Security Models and Architecture (pages 302 - 306)
DOD TCSEC - http://www.cerberussystems.com/INFOSEC/stds/d520028.htm

Which of the following embodies all the detailed actions that personnel are required to follow?

A. Standards
B. Guidelines
C. Procedures
D. Baselines

Answer: C. Procedures

Procedures are step-by-step instructions in support of the policies, standards, guidelines and baselines. The procedure indicates how the policy will be implemented and who does what to accomplish the tasks.

Standards is incorrect. Standards are a "Mandatory statement of minimum requirements that support some part of a policy; the standards in this case are your own company standards and not standards such as the ISO standards."

Guidelines is incorrect. "Guidelines are discretionary or optional controls used to enable individuals to make judgments with respect to security actions."

Baselines is incorrect. Baselines "are a minimum acceptable level of security. This minimum is implemented using specific rules necessary to implement the security controls in support of the policy and standards." For example, requiring a password of at least 8 characters would be an example. Requiring all users to have at minimum an antivirus, a personal firewall, and an anti-spyware tool could be another example.

References:
CBK, pp. 12 - 16. Note especially the discussion of the "hammer policy" on pp. 16-17 for the differences between policy, standard, guideline and procedure.
AIO3, pp. 88-93.

Which of the following would provide the BEST stress testing environment, taking into consideration and avoiding possible data exposure and leaks of sensitive data?

A. Test environment using test data.
B. Test environment using sanitized live workloads data.
C. Production environment using test data.
D. Production environment using sanitized live workloads data.

Answer: B. Test environment using sanitized live workloads data.

The best way to properly verify an application or system during a stress test would be to expose it to "live" data that has been sanitized to avoid exposing any sensitive information or Personally Identifiable Information (PII) while in a testing environment. Fabricated test data may not be as varied, complex or computationally demanding as "live" data.

A production environment should never be used to test a product, as a production environment is one where the application or system is being put to commercial or operational use. It is a best practice to perform testing in a non-production environment. Stress testing is carried out to ensure a system can cope with production workloads, but as it may be tested to destruction, a test environment should always be used to avoid damaging the production environment. Hence, testing should never take place in a production environment. If only test data is used, there is no certainty that the system was adequately stress tested.

The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?

A. Test equipment is easily damaged.
B. Test equipment can be used to browse information passing on a network.
C. Test equipment is difficult to replace if lost or stolen.
D. Test equipment must always be available for the maintenance personnel.

Answer: B. Test equipment can be used to browse information passing on a network.

Test equipment must be secured. There are equipment and other tools that, if in the wrong hands, could be used to "sniff" network traffic and also be used to commit fraud. The storage and use of this equipment should be detailed in the security policy for this reason.

The following answers are incorrect:
Test equipment is easily damaged. Is incorrect because it is not the best answer, and from a security point of view not relevant.
Test equipment is difficult to replace if lost or stolen. Is incorrect because it is not the best answer, and from a security point of view not relevant.
Test equipment must always be available for the maintenance personnel. Is incorrect because it is not the best answer, and from a security point of view not relevant.

References:
OIG CBK Operations Security (pages 642 - 643)

External consistency ensures that the data stored in the database is:

A. inconsistent with the real world.
B. remains consistent when sent from one system to another.
C. consistent with the logical world.
D. consistent with the real world.

Answer: D. consistent with the real world.

External consistency ensures that the data stored in the database is consistent with the real world.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 33.

Which of the following tests makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems?

A. Recovery testing
B. Security testing
C. Stress/volume testing
D. Interface testing

Answer: B. Security testing

Security testing makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems.

Recovery testing checks the system's ability to recover after a software or hardware failure.
Stress/volume testing involves testing an application with large quantities of data in order to evaluate performance during peak hours.
Interface testing evaluates the connection of two or more components that pass information from one area to another.

Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 6: Business Application System Development, Acquisition, Implementation and Maintenance (page 300).

When backing up an application system's data, which of the following is a key question to be answered first?

A. When to make backups
B. Where to keep backups
C. What records to back up
D. How to store backups

Answer: C. What records to back up

It is critical that a determination be made of WHAT data is important and should be retained and protected. Without determining the data to be backed up, the potential for error increases. A record or file could be vital and yet not included in a backup routine. Alternatively, temporary or insignificant files could be included in a backup routine unnecessarily.

The following answers were incorrect:
When to make backups: Although it is important to consider schedules for backups, this is done after the decisions are made of what should be included in the backup routine.
Where to keep backups: The location for storing backup copies of data (such as tapes, online backups, etc.) should be decided after determining what should be included in the backup routine and the method to store the backup.
How to store backups: The backup methodology should be considered after determining what data should be included in the backup routine.

