2.0 Architecture and Design Flashcards

1
Q

data are subject to the laws and governance structures of the nation where they are collected

A

Data Sovereignty

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data

A

Data Loss Prevention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

a way to create a fake, but a realistic version of your organizational data. The goal is to protect sensitive data, while providing a functional alternative when real data is not needed

A

Data Masking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

data that has reached a destination and is not being accessed or used

A

Data at rest

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

any data that is sent from one system to another

A

data in transit/motion

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

occurs when data is collected and translated into usable information

A

data in processing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

is the process of de-identifying sensitive cardholder data by converting it to a string of randomly generated numbers called a “token.” Similar to encryption, tokenization obfuscates the original data to render it unreadable in the event of a data breach or other exposure.

A

Tokenization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

the process of intercepting and reviewing SSL-encrypted internet communication between the client and the server

A

SSL Secure Socket Layer Inspection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

a security mechanism that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the traffic before it enters or leaves the network

A

TLS Transport Layer Security Inspection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

the process of transforming any given key or a string of characters into another value

A

Hasing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

an off-premises location where a company’s work can resume immediately during a disaster. It has all the equipment ready to go and be used. Available 24/7

A

Hot Site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. Only available during the disaster

A

Cold Site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

some or all of the IT equipment found in a typical primary data center, such as software and hardware. After a disaster at the primary site, an organization will introduce customer data and may install additional equipment at the site

A

Warm Site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

a controlled and safe environment for showing how attackers work and examining different types of threats

A

honeypot

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

bait files intended for hackers to access

A

honeyfiles

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

a decoy network that contains one or more honeypots

A

honeynets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Hacker method that is trying to get the machine to think that the malware is actually something good.

A

Fake Telemetry

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

a mechanism aimed at protecting users by intercepting DNS request attempting to connect to known malicious or unwanted domains and returning a false, or rather controlled IP address

A

DNS Sinkholing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis.

A

IaaS Infrastructure as a Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

is a cloud computing model provides a platform for customers to develop, run, and manage applications without building and maintaining the cloud infrastructure required to develop and launch an app.

A

PaaS Platform as a Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted

A

Software as a Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

describes a general category of services related to cloud computing and remote access. It recognizes the vast number of products, tools, and technologies that are now delivered to users as a service over the internet

A

Anything as a service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

a decentralized computing infrastructure in which data, compute, storage and applications are located somewhere between the data source and the cloud

A

Fog Computing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

an emerging computing paradigm which refers to a range of networks and devices at or near the user. about processing data closer to where it’s being generated, enabling processing at greater speeds and volumes, leading to greater action-led results in real time.

A

Edge Computing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

work by connecting remotely to a server-based computing environment where most applications, sensitive data, and memory, are stored.

A

Thin Client

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

packages of software that contain all of the necessary elements to run in any environment. In this way, virtualize the operating system and run anywhere, from a private data center to the public cloud or even on a developer’s personal laptop

A

Containers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network

A

Software Defined Networking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

allows us to deploy next-generation firewalls, intrusion prevention, web application firewalls, and other security devices while at the same time being able to understand exactly what type of data is flowing between all of these systems

A

Software Defined Visibility

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

happens when an administrator can no longer effectively control and manage all the virtual machines on a network

A

virtual machine sprawl avoidance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

protection that prevents a virtual machine from directly interacting with the host operating system

A

VM Escape Protection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

checking through all of the data to make sure it’s in the right format, and if it’s not the right format, it should add any corrections

A

Normalization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

prepared SQL code that you can save, so the code can be reused over and over again

A

Stored Procedure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

process of taking something that would commonly be relatively easy to understand and make it very difficult to understand

A

Obfuscation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

the processing takes place on a web server. This processing is important to execute the tasks required by the user on the web

A

Service Side Execution

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

the processing takes place on the user’s computer

A

Client Side Execution

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

when sensitive information is lost due to unintentional exposure

A

data exposure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

nonprofit foundation dedicated to improving software security. It operates under an “open community” model, which means that anyone can participate in and contribute to related online chats, projects, and more

A

Open Web Application Security Project

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

a threat intelligence approach that automates the monitoring of information security controls, vulnerabilities, and other cyber threats to support organizational risk management decisions

A

Continuous Monitoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

lets you constantly monitor new code, testing it against criteria for functionality, security, and performance. It’s a vital way to screen out bugs, stop potential issues from reaching the main database, and ensure that rollouts go as smoothly as possible

A

continuous validation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

application developers may constantly be updating an application and perhaps even merging it into a central repository many times a day

A

continuous integration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

a way that you could provide access to your network using credentials that someone uses for a completely different service. This can be done for users that are on your local network or you could use this for third party individuals such as partners or customers to be able to gain access to your server

A

Federation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

a review and confirmation of your organization’s security status by an independent reviewer

A

Attestation

43
Q

a one-time password (OTP) algorithm based of Hashes

A

HMAC-based one-time password

44
Q

Is a biometric feature where these capillaries that are in the back of your eye. They are a relatively unique feature of your eye and they don’t often change, making them a very good biometric factor to use for authentication

A

Retina

45
Q

is a biometric feature where its in the front of our eye, and there’s usually specific textures and colors associated

A

Iris

46
Q

biometric feature where the vascular scanners can look at veins that might be in our arms. This can look at the blood vessels in our extremities, and determine who a person is based on the unique layout of their veins.

A

Veins

47
Q

assessment of the way the body moves, usually by walking or running, from one place to another.
The purpose of this is to detect any abnormalities in locomotion.

A

Gait Analysis

48
Q

how often your biometric system will approve an unauthorized user by looking at these biometric value

A

False Acceptance Rate

49
Q

someone who is authorized to get into the system, they put their finger on the fingerprint reader of the biometric system and instead of getting a green light, they get a red light

A

False Rejection Rate

50
Q

an area where we have minimized the number of false acceptance rates, and we’ve minimized the amount of false rejection rates, and effectively gotten both of those down to an equal level

A

Crossover error rate

51
Q

something that’s in your brain, and only you happen to know what this particular value is

A

Something you know

52
Q

usually a device or some type of system that is near where you happen to be. Something like a smart card

A

Something you have

53
Q

associating these characteristics with a specific individual or person. Basically features that makes you

A

something you are

54
Q

is a personal way that you do things. For example, the way that you walk is very unique to you

A

Something you exhibit

55
Q

Name the Triple As

A

Authentication, Accounting, Authorization

56
Q

if you do lose one of those physical drives, you have separate pieces of that data stored on other multiple drives as part of that array
What is this called?

A

RAID Redundant Array of inexpensive disks

57
Q

Raid type that has no redundancy whatsoever, it’s usually called striping without parity. Where you have very good performance to be able to read and write to that array

A

Raid 0

58
Q

Raid type where we can take one physical drive, and duplicate all of the data on that physical drive to a separate physical drive. It’s a mirror of the information. That way if we lose any one of those drives, all the information continues to be available and accessible on that separate drive

A

Raid 1

59
Q

where we have striping with parity where we’re putting pieces of information on separate physical drives, and then on a last physical drive we’re putting some parity information. If we lose any of the drives on that particular array, it will rebuild the data based on the parity information that’s put on that extra drive

A

Raid 5

60
Q

network drives, with configurations with multiple links in the network to provide redundancy if one part of the network was to fail.

A

Multipath

61
Q

provide redundancy to a server using multiple network interface cards on that device

A

NIC Teaming

62
Q

a device that provides multiple power sources

A

Power distribution Unit

63
Q

dedicated, independent high-speed network that interconnects and delivers shared pools of storage devices to multiple servers

A

Storage area Network

64
Q

A back up type when performing a backup on a system, that you back up every single file on the system

A

Full Back Up

65
Q

occur after the full backup has occurred, and it will back up all of the files that have changed since the last backup

A

Incremental Back up

66
Q

a full backup that backs up everything on the system. Each subsequent differential backup, though, is going to back up everything that’s changed since the last full backup. So every day, the backup is going to get bigger and bigger and bigger as we change more and more information since the last full backup

A

Differential back up

67
Q

the practice of periodically copying data from a primary storage device to a tape cartridge so the data can be recovered if there is a hard disk crash or failure

A

Tape Back up

68
Q

dedicated file storage that enables multiple users and client devices to retrieve data from centralized disk capacity

A

NAS Network attached Storage

69
Q

one that is constantly accessible and constantly updated throughout the day. This is one that occurs over the network, usually to a third-party or cloud-based service, and it’s usually over an encrypted channel

A

online back up

70
Q

backing up your local devices to this backup component. It’s usually something that performs very quickly, and it’s over a secure channel We have to make sure that the communication between the system that’s being backed up and the backup service itself is protected and constantly maintained, and it often requires that this information be stored at an offsite facility for disaster recovery purposes

A

offline back up

71
Q

integrated circuits often sold off-the-shelf. They’re referred to as ‘field programmable’ because they provide customers the ability to reconfigure the hardware to meet specific use case requirements after the manufacturing process.

A

Field programmable Gate Arrays

72
Q

an automated software control system that monitors industrial control systems (ICS) and provides data insights to industrial supervisors about the condition of the entire operation

A

SCADA Supervisory Control and data acquisition

73
Q

OS that guarantees real-time applications a certain capability within a specified deadline. are designed for critical systems and for devices like microcontrollers that are timing-specific. processing time requirements are measured in milliseconds

A

Real Time OS

74
Q

microchip with all the necessary electronic circuits and parts for a given system, such as a smartphone or wearable computer, on a single integrated circuit (IC)

A

System on Chip

75
Q

are signals that occupy a narrow range of frequencies or that have a small fractional bandwidth

A

Narrowband

76
Q

using a single frequency to be able to communicate.very often done over a single cable or a single fiber connection, and it’s usually using a digital communication. Since there is a single frequency being used for this communication, anything going over this link is going to use all of the bandwidth on that connection

A

Baseband

77
Q

devices can transmit data over long distances by passing data through a mesh network of intermediate devices to reach more distant ones

typically used in low data rate applications that require long battery life and secure networking.

A

Zigbee

78
Q

a device that plugs into the charging port on your phone, acting as a shield between the public charging station’s cord and your phone

A

USB Data Blocker

79
Q

shield is an enclosure used to block electromagnetic fields

A

Faraday Cage

80
Q

security measure that involves isolating a computer or network and preventing it from establishing an external connection

A

Airgap

81
Q

triple-homed firewall, refers to a network architecture where a single firewall is used with three network interfaces. It provides additional protection from outside cyber attacks by adding a perimeter network to isolate or separate the internal network from the public-facing internet

A

Screened Subnet

82
Q

adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) for cables and to permit its use for the transmission of unencrypted information through an area of lesser classification or control

A

Protected cable distribution

83
Q

to collect the IT equipment’s hot exhaust air, allowing the rest of the data center to become a large cold-air return plenum. Air is being taken from the back of the servers

A

Hot Aisle

84
Q

face air conditioner output ducts and air is being take into the front of the servers

A

Cold Aisle

85
Q

to insert a random set of characters to a weak key and make it stronger and as well increase the size of the password hash, making things harder for a brute-force attack

A

Key Stretching

86
Q

a technique that is a unique value that can be added to the end of the password to create/ change a different hash value

A

Salting

87
Q

the procedure of translating a given key into a code.

A

Hashing

88
Q

a method in cryptography by which cryptographic keys are exchanged between two parties

A

Key Exchange

89
Q

is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.

A

elliptic-curve cryptography

90
Q

an encryption style known for producing temporary private key exchanges between clients and servers. For every individual session initiated by a user, a unique session key is generated

A

perfect forward secrecy

91
Q

a field of applied quantum physics closely related to quantum information processing and quantum teleportation.

A

Quantum communications

92
Q

an area of computer science that uses the principles of quantum theory

A

Quantum Computing

93
Q

to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks

A

Post-Quantum Cryptography

94
Q

A cryptographic key that is generated for each execution of a key-establishment process and that meets other requirements of the key type

A

Ephemeral Key

95
Q

record-keeping system that maintains participants’ identities in secure and (pseudo-)anonymous form, their respective cryptocurrency balances, and a record book of all the genuine transactions executed between network participants

A

Public Ledger

96
Q

are encrypting one byte at a time. So we will take our plaintext, we’ll grab the first byte, we’ll encrypt that byte, and we’ll store the encrypted information

A

Stream Cipher

97
Q

encrypting a fixed length block of information at a time. So instead of taking a single byte, it will take a block of bytes and encrypt that entire block at one time. We usually will see this with 64-bit or 128-bit blocks.

A

Block Cipher

98
Q

encryption uses a single key to encrypt and decrypt

A

Symmetric

99
Q

encryption uses a mathematically related pair of keys for encryption and decryption: a public key and a private key

A

asymmetric

100
Q

an encryption method that features a small footprint and/or low computational complexity. It is aimed at expanding the applications of cryptography to constrained devices and its related international standardization and guidelines compilation are currently underway

A

Lightweight Cryptography

101
Q

the practice of concealing messages or information within other nonsecret text or data.

A

Steganography

102
Q

encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form

A

homomorphic encryption

103
Q

is a way to measure just how unpredictable a password might be.

A

Entropy

104
Q

technical best practice to authenticate DNS queries and responses by using cryptographic digital signatures

A

domain name system security extensions