06 Flashcards
____________ is the on-demand delivery of IT resources and applications across the internet
Cloud Computing
___________ is how you implement cloud in your business
Deployment methods
In a ___________ the cloud infrastructure is provisioned for exclusive use by a single organization comprised of multiple consumers
Private Cloud
In a ___________ the cloud infrastructure is provisioned for open use by the public and may be owned/operated by a business, academic, or government organization or both.
Public Cloud
A _____________ exists when multiple organizations share a common concern, such as specific security requirements
community cloud
A _____________ consists of the combination of two or more cloud deployment models
____________ where additional processing is handled outside the standard cloud infrastructure
Hybrid Cloud
Cloud Bursting
____________ is how you utilize the cloud
service model
_____________ is the customer's use of applications running from a cloud provider but they have no control over the infrastructure
SaaS Software as a service
____________ is when a client creates their own applications or software but uses programming languages and tools supported by the cloud provider. The client has no control over the infrastructure
PaaS Platform as a Service
_______________ is the provisioning of processing, storage, and networks to a customer
Infrastructure as a service IaaS
_____________ is the analysis and practice of concealing information and sensitive data
Cryptography
______________ encrypts data, hiding contents from unauthorized users
Confidentiality
______________ Provides checksums and supports digital signatures
Integrity
_______________ Credential checks ensure availability to authorized users while denying access to unauthorized users
Availability
_______________ When user accounts are assigned a password, that password is hashed and stored in the system. When the same account tries to log in, the password they enter is hashed and compared to the one stored in the database. If it matches, they're let in.
Password Authentication
______________ by hashing certain installed files, such as an executable, a user is assured that file has not been changed or replaced by another
File Verification
_____________ Is a technique of providing confidentiality by converting ordinary data into ciphertext, which is unintelligible
Encryption
____________ uses a single key to encrypt and decrypt the data. Both the sender and receiver must have a copy of the same key
Symmetric Encryption
____________ Uses a different key for encryption than decryption. Based on a one-way function where the same key used for encryption of the data cannot be used for decryption of the data.
Asymmetric encryption
To be sure a sender is who they say they are ________________ are used.
digital signatures
Verifying identity and if the user is allowed to a space is achieved through _________________
digital certificates
_______________ is the protection of the network devices, data, and users, in essence the network as a whole entity
network security
A _________ is defined as something that has the potential to damage the network, to include data, hosts, or users.
Network threat
Common network threats are?
Hardware failures
Access
Malware
Social engineering
Denial of service
______________ is the duplication of components or the functions of a system and can go as far as having an entire secondary site on hand in case it is needed
redundancy
____________ protects data through the means of logical controls. These controls include the use of passwords, permissions, access control lists, and traffic filtering devices such as firewalls
Logical Access
___________ is the non-local logical access to network systems or resources from a separate physical location.
Remote Access
A _______ is a type of malicious software that distributes itself over the network via user interaction
Virus
A ______ is a self-replicating and self-propagating type of malicious software. Unlike viruses, ______ do not need user interaction to execute
Worm
_________ Is a seemingly innocent file that contains malicious code underneath
Trojan
A ________ is a stealthy type of malware designed to hide the existence of specific processes or programs from normal methods of detection and enable continued privileged access to the computer
RootKit
All computers infected by a ______ are collectively called a _______, which allows system access to an attacker and causes the attacker's computer to be the command-control server
bot, botnet
Three main methods of malware prevention?
Anti-malware programs, training, procedures
__________ is the process of exploiting human behavior to gain authorized access to information
social engineering
__________ can be broadly characterized by any action that prevents an unauthorized user from accessing data, a device, or any resource they should normally have access to
DoS, Denial of service
___________ overwhelms a system like DoS but through multiple source computers
DDoS
_________ are hardware and/or software that protect computers and networks from external attacks by utilizing permit/deny statements, filtering any unauthorized or illegitimate traffic
Firewalls
__________ software applications or suite of applications installed on a single computer
Host-based firewall
________ functioning on a network level, the firewall filters data as it travels from the internet to computers on the network
Network-based firewall
An _________ is a security tool used to monitor a network and detect unauthorized activities and anomalies, to detect possible intrusions
Intrusion Detection System
An _______ responds to detected issues by blocking traffic or otherwise preventing the malicious activity.
Intrusion Prevention Systems
___________ collects and analyzes data that originates on a computer that hosts a service, such as a web server
Host-Based Intrusion Detection/prevention system
____________ Analyzes data packets that travel over the actual network to verify their nature as malicious or benign
Network-Based Intrusion Detection/prevention system
________ is a framework of data protection for databases that contain usernames and passwords. What do these mean?
AAA
Authentication: presenting credentials to network
Authorization: The determination of what tasks are and are not allowed on the network
Accounting: keeping a log of everything that happens on the network
__________ is an AAA standard used in supporting thousands of access points managed by ISPs and linking them to a single database
RADIUS, AAA vendor neutral
__________ is another AAA protocol developed by Cisco to include access to routers and switches
TACACS AAA Cisco only
________ Is yet another AAA protocol based on TACACS and developed by Huawei
HWTACACS
__________ is a suite of protocols which allows for secure data transmissions over IP-based networks through authentication and encryption. It is a MANDATORY component of IPv6 because it works at layer 3 of the OSI model
IPsec
The ___________ protocol handles authentication services for IPsec. AH provides data integrity and authentication for IP Traffic.
It ensures data integrity not security
Authentication Header (AH)
The ________________ further protects a datagram by encrypting its payload, ensuring the privacy of a message. Uses a symmetric encryption algorithm to encrypt the payload of the IP packet
Ensures data security not integrity
Encapsulating security payload (ESP)
The _____________ only encrypts and authenticates the payload of the IP packet, providing the most security by enabling the security functions between two communicating devices or end-points.
Transport mode
__________ protects communication between routers and not end hosts. This method provides protection for portions of the route, which travels outside the organization.
Tunnel Mode