Home > Articles > Certification > Other IT

This chapter is from the book

This chapter is from the book

CISSP Exam Cram, 3rd EditionCISSP Exam Cram, 3rd Edition

Learn More Buy

This chapter is from the book

This chapter is from the book

CISSP Exam Cram, 3rd EditionCISSP Exam Cram, 3rd Edition

Learn More Buy

Computer System Architecture

At the core of every computer system is the central processing unit (CPU) and the hardware that makes it run. The CPU is just one of the items that you can find on the motherboard. The motherboard serves as the base for most crucial system components. These physical components interact with the OS and applications to do the things we need done. Let’s start at the heart of the system and work our way out.

Central Processing Unit

The CPU is the heart of the computer system. The CPU consists of the following:

  • An arithmetic logic unit (ALU) that performs arithmetic and logical operations
  • A control unit that extracts instructions from memory and decodes and executes the requested instructions
  • Memory, used to hold instructions and data to be processed

The CPU is capable of executing a series of basic operations, including fetch, decode, execute, and write. Pipelining combines multiple steps into one process. The CPU has the capability to fetch instructions and then process them. The CPU can function in one of four states:

  • Ready state—Program is ready to resume processing
  • Supervisor state—Program can access entire system
  • Problem state—Only nonprivileged instructions executed
  • Wait state—Program waiting for an event to complete

Because CPUs have very specific designs, the operating system must be developed to work with the CPU. CPUs also have different types of registers to hold data and instructions. The base register contains the beginning address assigned to a process, whereas the limit address marks the end of the memory segment. Together, the components are responsible for the recall and execution of programs. CPUs have made great strides, as Table 5.1 documents. As the size of transistors has decreased, the number of transistors that can be placed on a CPU has increased. By increasing the total number of transistors and ramping up clock speed, the power of CPUs has increased exponentially. As an example, a 3.06GHz Intel Core i7 can perform about 18 million instructions per second (MIPS).

Table 5.1. CPU Advancements

CPU

Date

Transistors

Clock Speed

8080

1974

6,000

2MHz

80386

1986

275,000

12.5MHz

Pentium

1993

3,100,000

60MHz

Intel Core 2

2006

291,000,000

2.66GHz

Intel Core i7

2009

731,000,000

3.06GHz

NOTE

Processor speed is measured in MIPS. This standard is used to indicate how fast a CPU can work.

Two basic designs of CPUs are manufactured for modern computer systems:

  • Reduced Instruction Set Computing (RISC)—Uses simple instructions that require a reduced number of clock cycles.
  • Complex Instruction Set Computing (CISC)—Performs multiple operations for a single instruction.

The CPU requires two inputs to accomplish its duties: instructions and data. The data is passed to the CPU for manipulation where it is typically worked on in either the problem or the supervisor state. In the problem state, the CPU works on the data with nonprivileged instructions. In the supervisor state, the CPU executes privileged instructions.

Exam Alert

A superscalar processor is one that can execute multiple instructions at the same time, whereas a scalar processor can execute only one instruction at a time. You will need to know this distinction for the exam.

The CPU can be classified in one of several categories depending on its functionality. When the computer’s CPU, motherboard, and operating system all support the functionality, the computer system is also categorized according to the following:

  • Multiprogramming—Can interleave two or more programs for execution at any one time.
  • Multitasking—Can perform one or more tasks or subtasks at a time.
  • Multiprocessor—Supports one or more CPUs. Windows 98 does not support multiprocessors, whereas Windows Server 2008 does.

A multiprocessor system can work in symmetric or asymmetric mode. Symmetric mode shares resources equally among all programs. Asymmetric mode can set a priority so that one application can have priority and gain control of one of the processors. The data that CPUs work with is usually part of an application or program. These programs are tracked by a process ID (PID). Anyone who has ever looked at Task Manager in Windows or executed a ps command on a Linux machine has probably seen a PID number. Fortunately, most programs do much more than the first C code you wrote that probably just said, “Hello World.” Each line of code or piece of functionality that a program has is known as a thread.

A program that has the capability to carry out more than one thread at a time is known as multi-threaded. You can see an example of this in Figure 5.1.

Figure 5.1

Figure 5.1. Processes and threads.

Process activity uses process isolation to separate processes. These techniques are needed to ensure that each application receives adequate processor time to operate properly. The four process isolation techniques used are

  • Encapsulation of objects—Other processes do not interact with the application.
  • Virtual mapping—The application is written in such a way that it believes it is the only application running.
  • Time multiplexing—This allows the application or process to share resources.
  • Naming distinctions—Processes are assigned their own unique name.

Exam Alert

To get a good look at naming distinctions, run ps-aux from the terminal of a Linux system and note the unique process ID (PID) values.

An interrupt is another key piece of a computer system. An interrupt is an electrical connection between a device and the CPU. The device can put an electrical signal on this line to get the attention of the CPU. The following are common interrupt methods:

  • Programmed I/O—Used to transfer data between a CPU and peripheral device.
  • Interrupt-driven I/O—A more efficient input output method but requires complex hardware.
  • I/O using DMA—I/O based on direct memory access can bypass the processor and write the information directly into main memory.
  • Memory mapped I/O—Requires the CPU to reserve space for I/O functions and make use of the address for both memory and I/O devices.
  • Port mapped I/O—Uses a special class of instruction that can read and write a single byte to an I/O device.

Exam Alert

Interrupts can be maskable and non-maskable. Maskable interrupts can be ignored by the application, whereas nonmaskable interrupts cannot.

There is a natural hierarchy to memory and, as such, there must be a way to manage memory and ensure that it does not become corrupted. That is the job of the memory management. Memory management systems on multitasking operating systems are responsible for

  • Relocation—Maintains the ability to swap memory contents from memory to secondary storage as needed.
  • Protection—Provides control to memory segments and restricts what process can write to memory.
  • Sharing—Allows sharing of information based on a user’s level of access; that is, Mike can read the object, whereas Shawn can read and write to the object.
  • Logical organization—Provides for the sharing and support for dynamic link libraries.
  • Physical organization—Provides for the physical organization of memory.

Let’s now look at storage media.

Storage Media

A computer is not just a CPU; memory is also an important component. The CPU uses memory to store instructions and data. Therefore, memory is an important type of storage media. The CPU is the only device that can directly access memory. Systems are designed that way because the CPU has a high level of system trust. The CPU can use different types of addressing schemes to communicate with memory, which includes absolute addressing and relative addressing. Memory can be addressed either physically or logically. Physical addressing refers to the hard-coded address assigned to the memory. Applications and programmers writing code use logical addresses. Relative addresses use a known address with an offset applied. Not only can memory be addressed in different ways but there are also different types of memory. Memory can be either nonvolatile or volatile. The sections that follow provide examples of both.

TIP

Two important security concepts associated with storage are protected memory and memory addressing. For the exam, you should understand that protected memory prevents other programs or processes from gaining access or modifying the contents of address space that’s has previously been assigned to another active program. Memory can be addressed either physically or logically. Memory addressing describes the method used by the CPU to access the contents of memory.

RAM

Random access memory (RAM) is volatile memory. If power is lost, the data is destroyed. Types of RAM include static RAM, which uses circuit latches to represent binary data, and dynamic RAM, which must be refreshed every few milliseconds.

Static random access memory (SRAM) doesn’t require a refresh signal as DRAM does. The chips are more complex and are thus more expensive. However, they are faster. DRAM access times come in at 60 nanoseconds (ns) or more; SRAM has access times as fast as 10ns. SRAM is often used for cache memory.

RAM can be configured as Dynamic Random Access Memory (DRAM). Dynamic RAM chips are cheap to manufacture. Dynamic refers to the memory chips’ need for a constant update signal (also called a refresh signal) to keep the information that is written there. Currently, there are four popular implementations of DRAM:

  • Synchronous DRAM (SDRAM)—Shares a common clock signal with the transmitter of the data. The computer’s system bus clock provides the common signal that all SDRAM components use for each step to be performed.
  • Double Data Rate (DDR)—Supports a double transfer rate of ordinary SDRAM. This obtains twice the transfer rate.
  • DDR2—Splits each clock pulse in two, doubling the number of operations it can perform.
  • Rambus Direct RAM (RDRAM)—A proprietary synchronous DRAM technology. RDRAM can be found in fewer new systems today than just a few years ago. Rambus is found mainly in gaming consoles and home theater components.

Exam Alert

Memory leaks occur when programs use RAM but cannot release it. Programs that suffer from memory leaks will eventually use up all available memory and can cause the system to halt or crash.

ROM

Read-only memory (ROM) is nonvolatile memory that retains information even if power is removed. ROM is typically used to load and store firmware. Firmware is embedded software much like BIOS.

Some common types of ROM include

  • Erasable Programmable Read-Only Memory (EPROM)
  • Electrically Erasable Programmable Read-Only Memory (EEPROM)
  • Flash Memory
  • Programmable Logic Devices (PLD)

Secondary Storage

Although memory plays an important part in the world of storage, other long-term types of storage are also needed. One of these is sequential storage. Anyone who has owned an IBM PC with a tape drive knows what sequential storage is. Tape drives are a type of sequential storage that must be read sequentially from beginning to end. Another well-known type of secondary storage is direct-access storage. Direct access storage devices do not have to be read sequentially; the system can identify the location of the information and go directly to it to read the data. A hard drive is an example of a direct access storage device: A hard drive has a series of platters, read/write heads, motors, and drive electronics contained within a case designed to prevent contamination. Hard drives are used to hold data and software. Software is the operating system or an application that you’ve installed on a computer system. Floppies or diskettes are also considered secondary storage. The data on diskettes are organized in tracks and sectors. Tracks are narrow concentric circles on the disk. Sectors are pie-shaped slices of the disk. The disk is made of a thin plastic material coated with iron oxide. This is much like the material found in a backup tape or cassette tape. As the disk spins, the disk drive heads move in and out to locate the correct track and sector. It then reads or writes the requested track and sector.

Compact disks (CDs) are a type of optical media. They use a laser/opto-electronic sensor combination to read or write data. A CD can be read only, write once, or rewriteable. CDs can hold up to around 800MB on a single disk. A CD is manufactured by applying a thin layer of aluminum to what is primarily hard clear plastic. During manufacturing or whenever a CD/R is burned, small bumps or pits are placed in the surface of the disk. These bumps or pits are what are converted into binary ones or zeros. Unlike the tracks and sectors of a floppy, a CD comprises one long spiral track that begins at the inside of the disk and continues toward the outer edge.

Digital video disks (DVDs) are very similar to a CD because both are optical media—DVDs just hold more data. The next generation of optical storage is the Blu-ray disk. These optical disks can hold 50GB or more of data.

I/O Bus Standards

The data that the CPU is working with must have a way to move from the storage media to the CPU. This is accomplished by means of a bus. The bus is nothing more than lines of conductors that transmit data between the CPU, storage media, and other hardware devices. From the point of view of the CPU, the various adaptors plugged into the computer are external devices. These connectors and the bus architecture used to move data to the devices has changed over time. Some common bus architectures are listed here:

  • ISA—The Industry Standard Architecture (ISA) bus started as an 8-bit bus designed for IBM PCs. It is now obsolete.
  • PCI—The peripheral component interface (PCI) bus was developed by Intel and served as a replacement for ISA and other bus standards. PCI express is now the current standard.
  • SCSI—The small computer systems interface (SCSI) bus allows a variety of devices to be daisy-chained off of a single controller. Many servers use the SCSI bus for their preferred hard drive solution.

Two serial bus standards, USB and FireWire, have also gained wide market share. USB overcame the limitations of traditional serial interfaces. USB 2.0 devices can communicate at speeds up to 480Mbps, whereas USB 3.0 devices have a proposed rate of 4.8Gbps. Devices can be chained together so that up to 127 devices can be chained together. USB is used for flash memory, cameras, printers, external hard drives, and even iPods. Two of the fundamental advantages of the USB are that it has such broad product support and that many devices are immediately recognized when connected. The competing standard for USB is FireWire or IEEE 1394. This design can be found on many Apple computers, but is also found on digital audio and video equipment.

Hardware Cryptographic Components

Hardware offers the ability to build in encryption. A relatively new hardware security device for computers is called the trusted platform module (TPM) chip. The TPM moves the cryptographic processes down to the hardware level and provides a greater level of security than software encryption. A TPM chip can be installed on the motherboard of a client computer and is used for hardware authentication. The TPM authenticates the computer in question rather than the user. TPM uses the boot sequence to determine the trusted status of a platform. TPM is now covered by ISO 11889-1:2009.

The TPM provides the ability for encryption by calculating a hashed value based on items such as the system’s firmware, configuration details, and core components of the operating system’s kernel. At the time of installation, this hash value is securely stored within the TPM chip. This provides attestation. Attestation confirms, authenticates, or proves to be genuine. The TPM is a tamper-proof cryptographic module that can provide a means to report the system configuration to a policy enforcer securely to provide attestation.

Virtual Memory and Virtual Machines

Modern computer systems have developed other ways in which to store and access information. One of these is virtual memory. Virtual memory is the combination of the computer’s primary memory (RAM) and secondary storage (the hard drive). By combining these two technologies, the OS can make the CPU believe that it has much more memory than it actually does. Examples of virtual memory include

  • Page file
  • Swap space
  • Swap partition

These virtual memory types are user-defined in terms of size, location, and so on. When RAM is depleted, the CPU begins saving data onto the computer’s hard drive. Paging takes a part of a program out of memory and uses the page file to swap an entire program out of memory. This process uses a swap file so that the data can be moved back and forth between the hard drive and RAM as needed. A specific drive can even be configured to hold such data and as such is a swap partition. Individuals who have used a computer’s hibernation function or ever opened more programs on their computers than they’ve had enough memory to support are probably familiar with the operation of virtual memory.

Closely related to virtual memory are virtual machines, such asVMWare, VirtualBox, and VirtualPC. VMWare and VirtualPC are the two leading contenders in this category. A virtual machine enables the user to run a second OS within a virtual host. For example, a virtual machine will let you run another Windows OS, Linux x86, or any other OS that runs on x86 processor and supports standard BIOS booting. Virtual systems make use of a hypervisor to manage the virtualized hardware resources to the guest operating system. A Type 1 hypervisor runs directly on the hardware with VM resources provided by the hypervisor, whereas a Type 2 hypervisor runs on a host operating system above the hardware. Virtual machines are a huge trend and can be used for development and system administration, production, and to reduce the number of physical devices needed. The hypervisor is also being used to design virtual switches, routers, and firewalls.

TIP

Virtualization is not the only thing that is changing in the workplace; cloud computing enables employees to work from many different locations. Because the applications and data can reside in the cloud, a user can access this content from any location that has connectivity.

Computer Configurations

The following is a list of some of the most commonly used computer and device configurations:

  • Print server—Print servers are usually located close to printers and allow many users to access the printer and share its resources.
  • File server—File servers allow users to have a centralized site to store files. This provides an easy way to perform backups because it can be done on one server and not all the client computers. It also allows for group collaboration and multiuser access.
  • Program server—Program servers are also known as application servers. This service allows users to run applications not installed on the end users’ system. It is a very popular concept in thin client environments. Thin clients depend on a central server for processing power. Licensing is another important consideration.
  • Web server—Web servers provide web services to internal and external users via web pages. A sample web address or URL (uniform resource locator) is http://www.thesolutionfirm.com.
  • Database server—Database servers store and access data. This includes information such as product inventory, price lists, customer lists, and employee data. Because databases hold sensitive information, they require well-designed security controls.
  • Laptops and tablets—Mobile devices that are easily lost or stolen. Mobile devices have become much more powerful and must be properly secured.
  • Smart phones—Gone are the cell phones of the past that simply placed calls and sent SMS texts. Today’s smart phones are more like many computers and have a large amount of processing capability; they can take photos and have onboard storage, Internet connectivity, and the ability to run applications. These devices are of particular concern as more companies start to support bring your own device (BYOD). Such devices can easily fall outside of company policy and controls.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020