Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.
Alright, let's get started. Let's go.
Hey, I'm Sean Gerber with CISSP Cyber Training, and I hope you all are having a beautifully blessed day today. Today is CISSP Question Thursday, and we're going to be going over some very interesting CISSP questions related to Monday's CISSP conversation that we had, the podcast that occurred on Monday.
That was focused on 3.4 and memory protection, so we are going to be getting into that today. So I hope all of your studying is going super well for the CISSP. I know a lot of folks that I'm working with are getting ready to test here very, very soon. I've got a good friend that's part of my mentorship program.
He's actually testing here in about 10 days and we're pretty excited about that for him. I know he's going to do very well, and then he can move on with the rest of what he's doing, because he's got a great opportunity working in the local community where he lives as the CISO for a very large town.
So I'm pretty excited about that for him, and I know it's going to be very, very successful once he gets this CISSP done. Take the test, get her done, knock it out of the park. That's what we've got to do.
But, that being said, you guys are here to listen a little bit more about the CISSP, but before we do, I want to bring up an article that I saw that's related to, obviously, everything we do in the CISSP, and this is on DORA.
We talked about this a lot with the overall regulations that are affecting multiple countries around the globe, and DORA is no different. DORA is the EU's Digital Operational Resiliency Act, okay, that's also called DORA, and it's for financial institutions within the UK.
Now, what I'm going to bring up here is, we have stuff with the UK because there's a lot of really good cybersecurity articles that come out of the UK, but this article can basically be plastered anywhere else you want to put it.
I know in the United States we're talking about resiliency as kind of the big factor we need to really focus on, and I also want to mention that at Reduce Cyber Risk and also at CISSP Cyber Training, I feel really strongly that resiliency for organizations is probably one of the number one things you should focus on, besides doing a gap assessment
for your organization, and the reason is because you're going to get hacked. It's just a matter of time. So the question comes in: how can you be resilient in the event that there is an event within your organization?
So DORA is the first step to take towards that, and, as with everything we focus on with GDPR, DORA is very similar in some of the financial restrictions or financial penalties that may come with it. Now there are key focus areas around DORA.
Now it came into activity or enforcement as of today, January 17th of 2025, and it's for banks, insurance companies, investment firms and third-party IT providers basically providing assistance within the EU.
Now it's Information and Communication Technology Risk Management, ICT risk management, but realistically it's just risk management in general for all types of businesses that deal with financial aspects within the UK.
Now there's digital operational resiliency testing that's going to need to occur, and it also has incident reporting and information sharing set up within this act.
This is very similar to what we run into with the Coast Guard and also with the Chinese cyber laws and the various other cyber laws around the globe: there's a lot of information sharing that must be occurring during this period.
One of the things that you do with the Chinese government, I'm just going to quickly pass off to them, is that you had a period of time in which you had to report an incident. So you had a certain, and it wasn't like days, it was hours, you had to report an incident. This isn't quite that draconian.
However, you do have to have reporting capabilities set up within your organization to alert the auditors and the regulators to a situation that may occur within your company. Now some of the penalties that may occur are basically fines up to 2% of their global annual turnover, similar to GDPR, which was 4% at the time, or $10 million, whichever is higher.
So it's a pretty substantial penalty for non-compliance with this. The third-party providers could incur fines up to 1% of their daily global turnover, and then regulatory authorities possess the power to limit or suspend business activities for non-compliant businesses. So, as you can see, this can get very challenging very quickly.
And then the last little bullet I think is interesting is that individual business leaders could be held personally liable and face penalties up to a million dollars, or a million pounds basically. So I've seen this with the CISOs as well.
There's more and more responsibility getting toward the chief information security officers as well as the senior leaders of the organization. So non-compliance is not an option.
Again, this kind of comes along the lines of where JP Morgan and a lot of other big, large financial institutions in the United States have been working very hard to be resilient and getting themselves in a position to take on that capability. Now there's one thing I want to just bring up around that.
It's the fact that this article brought up one little piece, a little nugget that was kind of interesting. It's that the report from Orange Cyber Defense over there in the UK revealed that 43% of UK financial service firms will miss the DORA compliance deadline. So that's a lot, and DORA is not new.
This isn't something that just all of a sudden came out of the closet and said, oh, here I am, hello. No, this has been going on for a little while and they knew this compliance was coming. So the interesting part is that 43%. I mean, that's 67% are compliant, right? That's good, or no? Not 67. I can't do math.
57% are compliant, so that's good, but 43% are not. So it's just telling you that this is a much bigger deal, and it's going to go beyond just the EU.
It'll be with other countries as well, and I also am a big believer that if you own any sort of manufacturing facilities, you need to really truly start to understand resiliency, especially if you're critical infrastructure.
In the United States, the government's going to start promoting that and probably requiring it, very similar to what happens in the United States, where the financial sector is usually the first to lead, then the other sectors follow suit as long as the risk will merit it, and then, obviously, the costs that go and associate with that.
But again, DORA, it takes effect January 17th, today, and I actually, the day of this recording, I should say. All right, so we are going to move on to the questions for today. All right, so you can get all these questions again at cisspcybertraining.com. If you go there, you can get access to my free CISSP questions.
If you sign up for the free CISSP questions, you get 360 CISSP questions just for signing up. Now, those will come out to you about every 30 days; you'll get a new batch. But, that being said, you also sign up for my newsletter.
You will get an additional two CISSP questions hitting your mailbox every single week, along with the fact that you'll get access to all of my content, my video content, as that is promoted on my site, on my blog posts. It'll send you links to that as well. So there's a lot of great opportunities there,
just by signing up. Now, if you go with one of my paid programs, you can have access to all of this information, all of the questions, immediately. You can have access to all the questions that come to you on a weekly basis. It's just basically a one-stop shop. So, again, the paid option is available for you as well.
So there's a lot of different things for you at CISSP Cyber Training, and you can go check it out. Okay, so we're going to get into questions, and this is group eight, and this is tied to, again, Domain 3.4.
So, question one: a security team is investigating an incident where a virtual machine was compromised, allowing the attacker to gain control of the hypervisor and other VMs running on the same host. What attack has likely occurred? So, basically, that VM was compromised and it allowed them to gain access to the hypervisor where the other VMs were operating.
What attack likely occurred? A, a side-channel attack; B, a VM escape; C, a fault injection; or D, speculative execution? And the answer is B, a VM escape. Right?
So VM escapes allow the attacker to break out of the guest VM into the hypervisor area, and that then allows them to gain access to other VMs, which then potentially could have direct impact on what's on those systems. A side-channel attack infers data directly, whereas a fault injection disrupts normal operations. So that is that.
Question two: an enterprise IT department uses a Type 1 hypervisor, and we talked about this in the podcast, in a data center to host several mission-critical virtual machines. Which strategy would be prioritized to prevent VM escape attacks? So an enterprise IT department uses a Type 1 hypervisor in a data center to host several mission-critical virtual machines.
Which strategy would be prioritized to prevent VM escape attacks? A, using an IOMMU to manage memory access; B, enabling speculative execution; C, disabling nested paging; or D, configuring software-based virtualization. Again, now you have a Type 1 hypervisor in the data center to host several mission-critical virtual machines.
What type of strategy should be prioritized to prevent VM escapes? And the answer is A, using an IOMMU to manage memory access. This is the input-output memory management unit, and it's designed for hardware-level protection by controlling direct memory access, or DMA, for other devices. Again, this helps prevent VM escapes from occurring.
Question three: a system administrator notices abnormal behavior on a server running virtual machines. Upon investigation, cache-based timing discrepancies revealed that data from one VM is being accessed by another without direct interaction. What type of attack is occurring?
So again, a system administrator notices abnormal behavior on a server running virtual machines. Upon investigation, the cache-based timing discrepancies revealed that data, that's basically the caches there, you've got timing discrepancies between the two different caches that are on the system, revealed that the data of one VM is being accessed by another without direct interaction. What type of attack is occurring? A, a VM escape; B, a buffer overflow; C, memory scrubbing; or D, a side-channel attack. And the answer is D, side-channel attack.
Again, side-channel attacks exploit shared resources like CPU caches and/or branch prediction units to infer sensitive data. So the ultimate goal is that they talk to other machines outside of the hyper-, within the hypervisor, but they're not having direct communication like they would normally have in a normal networking environment.
They're actually communicating with them directly, which is a bad thing. Question four: a high-security environment uses ECC, or error-correcting code, memory. Which benefit does ECC memory primarily provide? So a high-security environment uses ECC. Which benefit does ECC memory primarily provide? A, faster access times; B, protection against speculative execution;
C, detection and correction of memory errors; or D, complete prevention of memory overflows? And the answer is C, detection and correction of memory errors. ECC is designed to correct your code; basically, it detects and corrects single-bit memory errors and then enhances the reliability of the system. It does not prevent speculative execution or any sort of buffer overflow.
Question five: an attacker gains unauthorized access to privileged kernel memory from a user-mode process using speculative execution. Which vulnerability best describes the attack? So again, the attacker gains unauthorized access to privileged kernel memory from a user-mode process using speculative execution. Which vulnerability best describes the attack?
Meltdown is A, B is Spectre, C is Rowhammer, or D is L1TF. And the answer is A. Meltdown exploits speculative execution by bypassing privilege checks, and it reads the kernel memory directly. So that's a key factor. With that, Spectre, though, tricks the speculative execution into leaking data.
Rowhammer induces bit flips in memory, and L1TF targets the cache faults. Question six: a software engineer designs an encryption system to protect data in use within the CPU's secure enclave. Which hardware feature supports this functionality?
So a software engineer designs an encryption system to protect data in use within the CPU's specular enclave, or secure enclave, I should say. And the answer, let's see, we'll go through these real quick. Sorry, I didn't give you the answers. A, TPM; B, IOMMU; C, Intel SGX; or D, AMD-V, as in Victor. And the answer is C, Intel SGX.
That provides secure enclaves and protects code and data in use, preventing access by unauthorized processes. Okay, so that's the ultimate goal there. So if you, again, you know a little bit about IOMMU, you know about TPM, those would be ones you could throw out relatively quickly. So if you didn't know, you could guess between the AMD-V or the SGX.
But kind of throw out, as you're dealing with these questions, throw out the ones that you know aren't what they're asking for. Question seven: during a memory protection audit, a security consultant recommends kernel page table isolation, KPTI. What vulnerability is this mitigation targeting?
Again, during a memory protection audit, a security consultant recommends kernel page table isolation, KPTI. Which vulnerability is this mitigation targeting? A, Rowhammer; B, buffer overflow; C, Meltdown; or D, Spectre? Okay, and the answer is C, it is Meltdown. KPTI mitigates Meltdown by separating kernel and user memory spaces. So you'd have to kind of know that, right?
But if you could maybe bring that down and go, okay, how does Meltdown work? And then go into that play. Now let's just be honest here. These are some pretty in-depth questions that may be very challenging on the CISSP.
They may or may not ask you those questions, but the goal of this is to understand some of the big key concepts around the memory protections: Meltdown, Spectre, the TPM, IOMMU. Those are key factors that may be asked of you in the CISSP. Question eight: a trusted computing system uses a dedicated chip to store cryptographic keys for encryption.
Which technology is being used? So a trusted computing system is using a dedicated chip to store cryptographic keys. A, hypervisor; B, Intel TXT; C, SEV, or Sierra, Echo, Victor; and D, Trusted Platform Module or TPM. And the answer is D, TPM, right, that securely stores crypto keys. Right, and that's the ultimate point of it.
So again, if you know what a TPM is, then it makes more sense when the question comes to you. Question nine: a cloud provider uses AMD Secure Encrypted Virtualization, or SEV. What primary benefit does SEV offer? So again, the primary, the cloud provider provides AMD, sorry, cloud provider, key factor there, AMD Secure Encrypted Virtualization, or SEV.
What primary benefit does SEV offer? A, faster virtual machine startup; B, secure booting of operating systems; C, shared access to memory between VMs; or D, encrypted memory for guest VMs. And you could maybe break it down a little bit, but at the end of it, it is D, encrypted memory for guest VMs.
SEV encrypts virtual machine memory, preventing access by the hypervisor. Question 10: in a fault-tolerant memory system, memory errors are detected and corrected automatically. Which type of memory is most likely used? Again, memory errors are detected and corrected automatically. What type of memory is most likely used?
A, ECC memory; B, SRAM; C, non-ECC memory; or D, DRAM without error correction. And we know that the error correction is dealt with by ECC. So ECC memory detects and corrects errors and prevents the faults. It gives you some level of resiliency. Question 11: which technique mitigates the risk of a DMA attack in virtualization?
So which technique mitigates the risk of DMA attacks in virtualization? A, IOMMU; B, SEV; C, ECC memory; or D, TPM? So which technique mitigates the risk of DMA attacks in virtualization? And the answer is IOMMU. The IOMMU restricts direct memory access to prevent unauthorized DMA attacks.
And again, if you're dealing with the overall aspects around virtualization, it is your memory management unit. Okay, question 12: a server running a hypervisor uses nested page tables for memory translation. What is the primary purpose of nested paging? So a server running a hypervisor uses nested page tables for memory translation.
What is the primary purpose of nested paging? A, increased execution speed; B, prevent speculative execution; C, manage physical-to-virtual memory mappings; or D, encrypt guest memory. It uses page tables for memory translation. What would it be? It is C, manage physical-to-virtual memory mappings. These nested tables improve the memory translation efficiencies in virtual environments.
That is the purpose of a nested page table. Question 13: a physical RAM module is subject to repeated access to adjacent rows, causing bit flips. Okay, bit flips, key term. What vulnerability does this describe?
A physical RAM module is subject to repeated access to adjacent rows, causing a bit flip. What vulnerability does this describe? A, Rowhammer; B, Spectre; C, L1TF; or D, KPTI. And we know bit flips is Rowhammer, right? I just, that's a really cool thing, Rowhammer. How'd they come up with that?
Rowhammer exploits electrical interference to induce bit flips in adjacent memory cells. That's the point of Rowhammer. Question 14: a malicious actor exploits a branch misprediction vulnerability to infer data across process boundaries. Inferring data, inferring data. Which attack does this describe?
Again, a malicious actor uses a branch misprediction vulnerability to infer data across process boundaries. A, Meltdown; B, Rowhammer; C, DMA attacks; or D, Spectre. And the answer is D, Spectre. It uses branch misprediction and speculative execution to leak sensitive data.
Question 15, the last melon: which of the following best describes against, or which of the following best protects against, unauthorized physical access to memory data? So which of the following best protects against unauthorized physical access to memory data? A, memory scrubbing; B, TPM; C, memory encryption; or D, VM escapes?
Again, best protects against unauthorized physical access? And it is C, memory encryption. Memory encryption secures data against unauthorized access, even if physical memory is potentially compromised. That's all I have for you today. So head on over to CISSP Cyber Training and get access to all of my content. It's all there.
It's there waiting for you to take it, just waiting. It's the CISSP. If you're studying for it, you want to go to CISSP Cyber Training and get access to it. My blueprint will help you through, step by step, on what you need to do to study for the CISSP so that you can come out and pass it the first time.
Also, there's a lot of great content that's free. Obviously, my blog posts have all my free videos; they are the videos that we've gone through on the podcast. It has all my podcasts that are out there as well. You can listen to that. In addition to that, there is a lot more access to all of my.
If you sign up for my email marketing piece of this, you will get access to all of these 360 questions that I have out there, as well as two new questions every single week put into your mailbox. So I mean, you think about it, that's a lot of questions. That's like 400-and-some questions, or more than that.
It's like almost 450 questions that you can have specifically in your mailbox, just by signing up with us. Plus, you get access to any new content that comes out. You'll be the first to know about it, and there are also some new things that I'm looking at.
If they do fly and I can get an alignment with some people, then you would have access to purchase that as well. So there's lots of really, really cool stuff that's coming with CISSP Cyber Training. I hope you go to CISSP Cyber Training and check it out.
Or, if you need consulting services, you can also head over to Reduce Cyber Risk and check that out. There's a podcast that is also being released as well. That is tied to small and medium-sized businesses, but any business can use it, any business.
All right, I hope you guys have a wonderful, wonderful day, and we will catch you all on the flip side. See ya.
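Editor's worked example, added after the episode and not part of the transcript or of CISSP Cyber Training's material: the mechanism behind questions 4, 10 and 13 (ECC detects and corrects single-bit errors; Rowhammer induces bit flips) in C. Server ECC DIMMs typically use a (72,64) SECDED Hamming code per 64-bit word; this is a teaching-size (13,8) version of the same construction for one byte, with four Hamming check bits plus one overall parity bit. The bit layout, function names and the sample byte 0xA5 are the editor's own choices, not a real DIMM format.

```c
#include <stdint.h>
#include <stdio.h>

/* Results of ecc_decode(). */
enum { ECC_OK = 0, ECC_CORRECTED = 1, ECC_UNCORRECTABLE = 2 };

/* Assumed teaching layout (not a real DIMM format): a 13-bit codeword where
 * bit 0 is an overall parity bit and bits 1..12 form a Hamming(12,8) code
 * with check bits at the power-of-two positions 1, 2, 4, 8 and the eight
 * data bits at positions 3, 5, 6, 7, 9, 10, 11, 12. */
static const int DATA_POS[8]  = {3, 5, 6, 7, 9, 10, 11, 12};
static const int CHECK_POS[4] = {1, 2, 4, 8};

static int bit_at(uint16_t w, int i) { return (w >> i) & 1; }

/* Parity of every codeword bit in 1..12 whose position index contains check bit p. */
static int group_parity(uint16_t cw, int p)
{
    int x = 0;
    for (int i = 1; i <= 12; i++)
        if (i & p)
            x ^= bit_at(cw, i);
    return x;
}

/* Encode one data byte into a 13-bit SECDED codeword. */
uint16_t ecc_encode(uint8_t data)
{
    uint16_t cw = 0;
    for (int k = 0; k < 8; k++)
        if (bit_at(data, k))
            cw |= (uint16_t)1 << DATA_POS[k];
    /* Set each check bit so its group has even parity; the check bit itself is
     * still 0 here, so the group parity seen is that of the data bits alone. */
    for (int c = 0; c < 4; c++)
        if (group_parity(cw, CHECK_POS[c]))
            cw |= (uint16_t)1 << CHECK_POS[c];
    /* Overall parity of bits 1..12 is what lets the decoder tell one flip from two. */
    int overall = 0;
    for (int i = 1; i <= 12; i++)
        overall ^= bit_at(cw, i);
    return cw | (uint16_t)overall;
}

/* Decode a (possibly corrupted) codeword. On ECC_OK / ECC_CORRECTED the data
 * byte is written to *data_out; on ECC_UNCORRECTABLE it is left untouched. */
int ecc_decode(uint16_t cw, uint8_t *data_out)
{
    int syndrome = 0;                       /* equals the position of a single flipped bit */
    for (int c = 0; c < 4; c++)
        if (group_parity(cw, CHECK_POS[c]))
            syndrome |= CHECK_POS[c];
    int overall = 0;                        /* parity of all 13 bits: 0 if intact or 2 flips */
    for (int i = 0; i <= 12; i++)
        overall ^= bit_at(cw, i);

    int status = ECC_OK;
    if (syndrome == 0 && overall) {
        cw ^= 1;                            /* only the overall parity bit flipped */
        status = ECC_CORRECTED;
    } else if (syndrome != 0 && overall) {
        if (syndrome > 12)
            return ECC_UNCORRECTABLE;       /* odd multi-bit pattern with no valid position */
        cw ^= (uint16_t)1 << syndrome;      /* single-bit error: flip it back */
        status = ECC_CORRECTED;
    } else if (syndrome != 0) {
        return ECC_UNCORRECTABLE;           /* even parity but bad syndrome: two flips, detected only */
    }
    uint8_t d = 0;
    for (int k = 0; k < 8; k++)
        if (bit_at(cw, DATA_POS[k]))
            d |= (uint8_t)(1 << k);
    *data_out = d;
    return status;
}

/* Helper: decode cw and return its status, or -1 if a decoded byte differs from expect. */
int ecc_decode_expect(uint16_t cw, uint8_t expect)
{
    uint8_t d = 0;
    int st = ecc_decode(cw, &d);
    return (st != ECC_UNCORRECTABLE && d != expect) ? -1 : st;
}

int main(void)
{
    uint16_t cw = ecc_encode(0xA5);         /* constructed sample byte */
    printf("codeword  0x%04X\n", cw);
    printf("clean     %d\n", ecc_decode_expect(cw, 0xA5));
    printf("1 flip    %d\n", ecc_decode_expect(cw ^ (1u << 6), 0xA5));
    printf("2 flips   %d\n", ecc_decode_expect(cw ^ (1u << 3) ^ (1u << 10), 0xA5));
    return 0;
}
```

The two-flip case is why the episode calls ECC a reliability feature rather than a guarantee: the memory controller can log and halt on an uncorrectable error, but it cannot recover the word, and three or more flips in one word can alias to a valid or single-error pattern and slip through. That limit is also why ECC does not protect against buffer overflows or speculative-execution leaks, which never produce a parity violation at all.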