CISSP Cyber Training Podcast - CISSP Training Program
Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀
CCT 337: Indian CCTV and CISSP Question Deep Dive (Domain 3)
A cheap camera on a pole can become a surveillance pipeline, and that’s not a movie plot, it’s a real security problem. I start with a news-driven look at alleged CCTV espionage tied to critical infrastructure and why CISSP Domain 3 isn’t just theory. If you don’t know what devices are installed at your sites, what they record, and where that data goes, you can lose control of your environment long before an attacker ever touches your firewall.
From there, I pivot into a focused Domain 3 question set that drills the kind of reasoning the CISSP exam rewards. We unpack why collapsing multiple security layers into one “highly capable” security appliance creates a single point of failure, and how defense in depth is really about independent layers, resilience, and clear risk acceptance. I also review classic security models, including the Bell-LaPadula lattice model and its “no read up, no write down” confidentiality rules, plus how it differs from integrity-focused Biba and the commercial Clark-Wilson approach.
We then hit core security architecture and engineering concepts: the trusted computing base (TCB), what the reference monitor is, and why the security kernel is the component that implements it. On the crypto side, I explain why elliptic curve cryptography (ECC) is the best strength-to-key ratio choice for digital signatures on low-powered IoT devices. Finally, we cover database security threats like inference (and how it relates to aggregation), and wrap with a practical safety topic for data centers: Class C electrical fires and why CO2 or clean agents are preferred to protect hardware.
Subscribe for weekly CISSP prep, share this with a study partner, and if it helped you think more clearly, leave a review so more candidates can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
Welcome And CISSP Mission
SPEAKER_00: Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon Gerber. I'm your host of this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.
A Personal Milestone And Mindset
CCTV Espionage And Covert Cameras
Auditing Sites For Hidden Risks
Defense In Depth And Failure Risk
Bell-LaPadula Confidentiality Rules
TCB Basics And Security Kernel
ECC For Low-Power IoT Signatures
Database Inference Threat Explained
Server Room Fire Suppression Choices
Resources And How To Keep Studying
SPEAKER_01: Good morning, everybody. It's Shon Gerber with CISSP Cyber Training, and I hope you all are having a beautifully blessed day today. Today is Thursday, and we are going to be having CISSP questions related to Domain 3 of the CISSP exam. Hope you all are having a blessed day, though, because you know what? I'm excited. Today is a wonderful day. More than you guys probably want to know, but my daughter is heading off to the Army today, so I'm extremely excited about that. It has been a long, arduous process, and we are super excited to have her head on out and serve her country. So we're pretty excited about that, and we get to drive her away today. So pretty super pumped about it. Just really am. Really pumped about it. But on a different note, we're gonna talk a little bit about Domain 3. But before we do, there's an article I wanted to go over, and it's related to an Indian government probe into a CCTV espionage operation linked to Pakistan. So the police found cameras pointing at their specific infrastructure. Now, what does this come down to? Well, there's supposedly a spy network that's been uncovered inside India, and they are attributing it to the Pakistani folks, either the government or individuals in the Pakistani government. And they're installing covert cameras at sensitive locations such as railway stations and overall critical infrastructure locations and sending footage to handlers in Pakistan. Now, how it basically worked was that there was a camera that is tied to a solar unit, and this SIM-enabled camera is placed high up on areas to capture wide views of infrastructure and troop movement. They're not designed for point areas, they're designed for an overall larger coverage area. And then they transmit the footage remotely. So we know that cameras can be, as they're proliferating everywhere. This is a great way for an organization to be able to do this.
Now, when it comes down to the political aspects of it, that's obviously a different concept. But you need to, as a cybersecurity professional, be aware of this. I've had multiple situations that have occurred when I was working as a CISO where people had put in hotspots and cameras in locations that they were not necessarily meant to be. Now, in all the occasions that I have dealt with, none of it was nefarious by any stretch. However, it was very problematic and disruptive. What they're trying to figure out in this case is what was exposed and how it was exposed, and it actually made them really question: are these cheap cameras put in place? What can they do? How can they cause problems to their organization and to their overall country? So it's just kind of a big deal around that. Now, when it comes to India and Pakistan, those two have been at odds with each other for many, many, many years. And so this is just one more of the little tit-for-tat things that does occur in their country. So when it comes right down to it, the recommendation that comes out of this for you is to go through your organization and look at the locations where you have business. Especially if you're in the manufacturing space, are there cameras put in place that you're not aware of? If you are living in or operating in a country that maybe is more aligned to doing these types of things, just keep in mind what could be occurring. I've worked in countries that are maybe not as friendly to the United States, and there have been things put in place in locations where it was looking for IP or intellectual property theft. So kind of keep that in the back of your mind if that is something that you need to be paying attention to for you and your company.
I would tell you that if you're going to be working for a company that maybe has intellectual property, and one of their interview questions is around the protection of intellectual property, this could be a great way for you to pull up this article or talk about this article and then what you would do specifically on how you'd protect the company's infrastructure as well as their data secrets. So it's a really good article, it's very quick, super quick, but it just kind of talks about the importance of CCTV espionage in India related to the Pakistani government or individuals there locally. Okay, so question one of the deep dive. An enterprise plans to collapse multiple security layers to reduce costs by relying heavily on one single highly capable security appliance. So they're going to scale down and they're going to rely heavily on one super capable security appliance. From a secure network architecture perspective, what is the primary risk of this approach? Okay, well, there's probably a few, but let's just talk about this. A, increased administrative overhead. B, creation of a single point of failure. C, reduced encryption strengths. Or D, inability to monitor network traffic. So now let's just kind of talk about the answers that we feel are wrong. They want to go from multiple layers, security layers, to one. Now we all know from a security point of view this is just not a good idea. We want to have multiple layers of security built into your products and built into your networks to ensure that you have the maximum amount of protection against any sort of attack that could occur. So A is increased administrative overhead. Well, if anything, this is probably going to reduce your overhead because you have less systems to worry about. So that answer is wrong. D, the inability to monitor network traffic.
Now, that probably is correct because, just say, for instance, you're going from multiple areas, and let's say you're doing PCAP captures, which is your packet captures, and you maybe have taps in numerous locations throughout your network. If you go to one single GOT appliance, you're now going to run the risk that you're not going to have any access to those PCAPs like you did before. Now that I'm saying that, it could very much be an assumption being made that this is not being made in this one super-duper appliance. But in most cases, if you're going to one appliance, you probably are losing some level of visibility in this space. So I would say D is definitely not a correct answer. C, reducing encryption strength. Well, going to one appliance doesn't really imply any sort of encryption aspects to it. Most likely all of the new appliances coming out that are considered a highly capable security appliance would have the most current encryption capabilities built into it. So that answer would be incorrect. So the real correct answer is creation of a single point of failure. Consolidating security controls into a single device does increase your risk substantially. Now, there might be a situation where you want to have a device at a location that is a specific device. I get that. But you're still going to want to have some level of defense in depth on this device because if you have just this one area and something bad happens, that whole area goes down. So again, it's all based on risk and how much you're willing to accept. If you're going to accept this level of risk, it is well communicated with your senior leaders, basically the leaders of the company themselves, in what you're trying to accomplish. They need to be aligned with what you're thinking. And I would say that this is probably one of those areas that they might disagree with you just a little bit.
Now, if you baffle them with all kinds of IT BS, they may just agree with you, but in reality, you're setting yourself up for failure. So defense in depth does rely on multiple independent layers, and you need to make sure you have that in place for your company and for this situation. So the correct answer is B. Next question. An organization is implementing a lattice-based access control model that enforces the no read up and the no write down rules. Which security model is being applied, and what is its primary focus? Okay, so the organization is implementing a lattice-based access control model that enforces no read up and no write down. Which security model is being applied? The Biba model, focused on integrity; the Bell-LaPadula model, based on confidentiality; the Clark-Wilson model, based on integrity; and the Brewer-Nash model, conflict of interest. Okay, so let's break these down into which ones are not correct and let's go from there. So again, no read up and no write down. So the Biba model, that's A. While Biba is a lattice-based model, okay, it is a functional inverse of Bell-LaPadula, which basically means it uses a no read down and a no write up to prevent corruption of high-integrity data by low-integrity subjects. Okay, so let's talk about the ones that are incorrect. The Biba model and integrity, right? While Biba is a lattice-based model, very similar to the correct one, it uses a no read down and a no write up, which is opposite or inverse to what we're trying to accomplish today. And this is to prevent corruption of high-integrity data by low-integrity subjects. Okay, so again, the Biba model is focused on no read down, no write up. Now the Clark-Wilson model, okay, this is the one that's C. This model focuses on well-formed transactions and separation of duties in the commercial context rather than a single multi-level lattice structure. So that one would be incorrect as well.
And then finally, the Brewer-Nash model is a conflict of interest model. It's also known as the Chinese wall model. This focuses on dynamically changing access permissions based on a user's previous activity to prevent conflicts of interest. So those three are not correct. So the correct answer is, yes, the Bell-LaPadula model, confidentiality. So the Bell-LaPadula model is a state machine model. Okay, it's used to enforce confidentiality, and its two main rules are the simple security property, where a subject at a given security level may not read an object that is at a higher security level, and the star property, which is that a subject at a given security level may not write to an object at a lower security level. So Biba is the inverse and focuses on integrity. So again, the ultimate point is that Bell-LaPadula is the right answer. So again, no read up, no write down, Bell-LaPadula. Next question: Which component of the trusted computing base, or TCB, acts as the hardware, software, and firmware elements that actually implement the reference monitor concept? Okay, so which component of the TCB acts as the hardware, software, and firmware elements that actually implement the reference monitor concept? So A, security kernel; B, trusted path; C, reference monitor; or D, execution domain. Again, which component of the trusted computing base acts as the hardware, software, and firmware elements that actually implement the reference monitor concept? And let's go through the answers that are incorrect. Execution domain. So that is D. That is not correct. It's also known as the CPU privilege state or ring. This defines the resources a process can access, but is not the specific entity that enforces the policy between subjects and objects. So it's a CPU privilege state or ring. That is considered the execution domain. Reference monitor is also incorrect. This is the concept or abstract machine that mediates all access. That is considered the reference monitor.
Trusted path, this is the mechanism that provides the secure communication channel between the user and the TCB. It ensures that untrusted applications cannot intercept sensitive data such as passwords. So that is the trusted path. So those three are incorrect. So the correct answer is security kernel. The security kernel is a collection of components in the TCB that implements the reference monitor concept. While the reference monitor is an abstract design, it does have an isolation mechanism that must be tamper-proof, always invoked, and small enough to be verified. The security kernel is the physical realization of that specific design. Next question. A security architect needs to implement a digital signature solution for a fleet of low-powered IoT devices. Which asymmetric algorithm provides the highest strength-to-key ratio, making it the most efficient choice for these resource-constrained devices? A, RSA; B, Diffie-Hellman; C, elliptic curve cryptography; or D, ElGamal. All right. So a security architect needs to implement a digital signature solution for a fleet of low-powered IoT devices. Which asymmetric algorithm provides the highest strength-to-key ratio, making it the most efficient choice for these resource-constrained devices? So again, you got a security architect, got a digital signature, needs to put these on IoT devices, and what asymmetric algorithm, so that would help you there too as well, which asymmetric algorithm provides the highest strength-to-key ratio, making it the most efficient choice for these resource-constrained devices. A, RSA; B, Diffie-Hellman; C, ECC, or elliptic curve cryptography; or D, ElGamal. All right, which one is it? So let's start with the ones that are incorrect right now and then we'll go from there. So RSA, incorrect. It relies on factoring of large integers and provides modern security levels.
It requires very large keys, up to 3,072-bit or potentially higher, which results in slower performance and high power consumption. Both of those are things that the IoT devices do not like and do not have. The next one is Diffie-Hellman. This is primarily a key exchange protocol. Like RSA, it requires large mathematical groups and large keys to remain secure, making it less efficient for tiny IoT-type sensors. So again, Diffie-Hellman would not be the best choice either. And then the last one is ElGamal. ElGamal is an asymmetric algorithm based on the discrete logarithm problem. It doubles the size of the ciphertext compared to the plaintext, making it inefficient for bandwidth-constrained IoT devices. So ElGamal would not be a good choice as well. So that leaves us with what? ECC. Yes, elliptic curve cryptography is highly favored for mobile and IoT devices because it provides the same level of crypto strength as RSA or Diffie-Hellman, but with a smaller key size. So for example, a 256-bit ECC key offers roughly the same security as a 3072-bit RSA key. So again, less computational overhead, low power consumption. IoT is happy. So something to consider there. Next question: An attacker is able to determine sensitive information about a specific individual in a database by analyzing multiple non-sensitive query results and using logical deduction. Which type of database security threat does this represent? A, salami attack; B, aggregation; C, polyinstantiation; and then D, inference. Okay, so we're trying to have multiple things of non-sensitive query results and leading to a logical deduction. I did this a lot when I was a red teamer, and we would go through and look for all kinds of intelligence, and we would do it through this method. So I'm not going to tell you the answer because that's the answer. So we'll go through and answer the questions based on the ones that are incorrect. So which ones are incorrect?
So let's start with the salami attack, the meat attack. This is a financial crime involving the theft of very small amounts of assets, such as rounding down cents in bank accounts to avoid detection. All right, it's the one-penny thing. If I siphon off a penny, one penny is nothing, but adding lots of pennies adds up to real money. This is not related to data deduction, right? So this is not the correct answer. Aggregation, this is a process of collecting various low-sensitivity items. While it is the building block for the correct answer, aggregation is the collection phase of this whole process. So it's the beginning phase of this. Whereas the right answer is the intellectual result of deducing the specific secret. So the ultimate point is that aggregation is the beginning. The correct answer is the final outcome, the final solution. All right. Polyinstantiation. That is not correct either. This is the defense mechanism, not the threat, where two different versions of the same data object exist at different classification levels to prevent low-level users from inferring the existence of high-level data. Yes, I said the correct answer. The correct answer is inference. Yes, inference occurs when users are able to deduce high-sensitivity information from low-sensitivity data they may have access to. We did this a lot, right? Just looking for intelligence, and you find all kinds of low-level intelligence that does point you to something that is of higher-level intelligence. So again, aggregation, though, is the act of collecting multiple pieces of non-sensitive information, but inference is the specific process of using logic to fill in the blanks. So again, aggregation you may bite off on, but inference is the correct answer. Last question: You're designing a fire suppression strategy for a new server room.
Which class of fire involves energized electrical equipment, and which suppressant agent is generally preferred for this environment to avoid damaging the hardware? Okay, so you're looking for fire suppression. You're looking for a class. Which class should we use that involves energized electrical equipment? Which one will protect that? And which suppression agent is generally preferred for this environment? Okay, so A, Class A, water mist. B, Class B, saponification agents. C, Class C, carbon dioxide (CO2) or clean agents. Or D, Class D, dry powder. Okay, so again, we're trying to protect this energized electrical equipment with a suppression agent. And it's definitely preferred in this environment to avoid damaging the specific hardware. Okay, so you got electrical stuff. What are you gonna do? So let's look at the ones that are incorrect. Class A, water mist. Yeah, Class A is for wood and paper, not so good for electrical stuff. So putting water and mist in a server room, yeah, with high-voltage stuff, not a good idea. Just don't do it. Class A is not the right choice. So Class B, saponification agents. So Class B is for flammable liquids such as oils and grease. Saponification, I can never say that word, is a process of using Class K or kitchen fires to turn fats into soap. This would be catastrophic for server components and it would not be a good choice. So again, that's for oils and for any sort of greases. The next one that is incorrect is D, Class D, or dry powder. Class D is for combustible metals like magnesium. Dry powder agents can be highly corrosive and abrasive, which would destroy any sort of aspects you have with any sort of electronics. It would be very, very bad. So you wouldn't want to do any sort of dry powder because I guess that would go everywhere and cause all kinds of drama. So then what would you use? Well, the answer is C, right? Class C, carbon dioxide, or CO2, or clean agents. So the carbon dioxide, what does it do?
It starves the fire, right? It takes out all the oxygen. So what happens? The fire can't even go anymore, can't do anything. It's non-conductive and it leaves no residue, providing that there's no more damage to your sensitive equipment. So again, that is an important piece of this. You'd want to use a CO2 gas to suck out the oxygen, or to basically take out the oxygen in the room, so then the fire will be dissipated. Okay, that is all I have for you today. I hope you had a great and wonderful day. I hope you enjoyed this. Again, go to CISSP Cyber Training, check it out. There's a lot of great stuff out there at CISSP Cyber Training for you. Lots of free content, lots of paid content, all the stuff to help you pass the CISSP exam the first time. All right, thank you so much, and we'll catch you on the flip side. See ya. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes, and I would greatly appreciate your feedback. Also, check out my videos that are on YouTube, and just head to my channel at CISSP Cyber Training, and you will find a plethora or a cornucopia of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.
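As an added worked example (not code from the episode or from CISSP Cyber Training), the following Python models the lattice-based checks behind the Bell-LaPadula question and places Biba's inverse rules beside them for contrast. The level names, compartments and subject/object labels are constructed for illustration, and the example goes beyond the linear levels in the question by adding category sets, so that two Secret labels in different compartments are incomparable and neither may read or write the other.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Tuple

# Constructed hierarchical levels for this example (not from the episode).
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}


@dataclass(frozen=True)
class Label:
    """A lattice label: a hierarchical level plus a set of compartments.

    Two labels are comparable only when one dominates the other; labels
    at the same level with different compartment sets are incomparable.
    """
    level: int
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice dominance: level is at least as high AND the category
        # set is a superset (a partial order, not a single line of levels).
        return self.level >= other.level and self.categories >= other.categories


def label(level_name: str, *cats: str) -> Label:
    """Build a Label from a level name such as 'S' and compartment names."""
    return Label(LEVELS[level_name], frozenset(cats))


# Bell-LaPadula (confidentiality): no read up, no write down.
def blp_can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: the subject's clearance must dominate the object."""
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    """Star (*) property: the object must dominate the subject (no write down)."""
    return obj.dominates(subject)


# Biba (integrity): the functional inverse, no read down, no write up.
def biba_can_read(subject: Label, obj: Label) -> bool:
    """Simple integrity property: the object's integrity must dominate the subject's."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """Star integrity property: the subject must dominate the object (no write up)."""
    return subject.dominates(obj)


# Every access is mediated through one rule table, the way a reference
# monitor mediates every subject-to-object access.
RULES: Dict[Tuple[str, str], Callable[[Label, Label], bool]] = {
    ("blp", "read"): blp_can_read,
    ("blp", "write"): blp_can_write,
    ("biba", "read"): biba_can_read,
    ("biba", "write"): biba_can_write,
}


def decide(model: str, action: str, subject: Label, obj: Label) -> str:
    """Return ALLOW or DENY for the given model and action."""
    return "ALLOW" if RULES[(model, action)](subject, obj) else "DENY"


if __name__ == "__main__":
    analyst = label("S", "NUCLEAR")      # Secret clearance, NUCLEAR compartment
    report = label("S", "NUCLEAR")       # Secret object in the same compartment
    crypto_doc = label("S", "CRYPTO")    # same level, different compartment
    ts_plan = label("TS", "NUCLEAR")     # Top Secret object
    bulletin = label("U")                # Unclassified object
    for model, action, obj in [("blp", "read", report), ("blp", "read", crypto_doc),
                               ("blp", "read", ts_plan), ("blp", "write", bulletin),
                               ("blp", "write", ts_plan), ("biba", "read", bulletin),
                               ("biba", "write", ts_plan)]:
        print(f"{model:4} {action:5} on {obj}: {decide(model, action, analyst, obj)}")
```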