2.0 Architecture and Design

Question 1

data are subject to the laws and governance structures of the nation where they are collected

Answer 1

Data Sovereignty

Question 2

the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data

Answer 2

Data Loss Prevention

Question 3

a way to create a fake, but a realistic version of your organizational data. The goal is to protect sensitive data, while providing a functional alternative when real data is not needed

Answer 3

Data Masking

Question 4

data that has reached a destination and is not being accessed or used

Answer 4

Data at rest

Question 5

any data that is sent from one system to another

Answer 5

data in transit/motion

Question 6

occurs when data is collected and translated into usable information

Answer 6

data in processing

Question 7

is the process of de-identifying sensitive cardholder data by converting it to a string of randomly generated numbers called a “token.” Similar to encryption, tokenization obfuscates the original data to render it unreadable in the event of a data breach or other exposure.

Answer 7

Tokenization

Question 8

the process of intercepting and reviewing SSL-encrypted internet communication between the client and the server

Answer 8

SSL Secure Socket Layer Inspection

Question 9

a security mechanism that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the traffic before it enters or leaves the network

Answer 9

TLS Transport Layer Security Inspection

Question 10

the process of transforming any given key or a string of characters into another value

Answer 10

Hasing

Question 11

an off-premises location where a company’s work can resume immediately during a disaster. It has all the equipment ready to go and be used. Available 24/7

Answer 11

Hot Site

Question 12

A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. Only available during the disaster

Answer 12

Cold Site

Question 13

some or all of the IT equipment found in a typical primary data center, such as software and hardware. After a disaster at the primary site, an organization will introduce customer data and may install additional equipment at the site

Answer 13

Warm Site

Question 14

a controlled and safe environment for showing how attackers work and examining different types of threats

Answer 14

honeypot

Question 15

bait files intended for hackers to access

Answer 15

honeyfiles

Question 16

a decoy network that contains one or more honeypots

Answer 16

honeynets

Question 17

Hacker method that is trying to get the machine to think that the malware is actually something good.

Answer 17

Fake Telemetry

Question 18

a mechanism aimed at protecting users by intercepting DNS request attempting to connect to known malicious or unwanted domains and returning a false, or rather controlled IP address

Answer 18

DNS Sinkholing

Question 19

a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis.

Answer 19

IaaS Infrastructure as a Service

Question 20

is a cloud computing model provides a platform for customers to develop, run, and manage applications without building and maintaining the cloud infrastructure required to develop and launch an app.

Answer 20

PaaS Platform as a Service

Question 21

a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted

Answer 21

Software as a Service

Question 22

describes a general category of services related to cloud computing and remote access. It recognizes the vast number of products, tools, and technologies that are now delivered to users as a service over the internet

Answer 22

Anything as a service

Question 23

a decentralized computing infrastructure in which data, compute, storage and applications are located somewhere between the data source and the cloud

Answer 23

Fog Computing

Question 24

an emerging computing paradigm which refers to a range of networks and devices at or near the user. about processing data closer to where it’s being generated, enabling processing at greater speeds and volumes, leading to greater action-led results in real time.

Answer 24

Edge Computing

Question 25

work by connecting remotely to a server-based computing environment where most applications, sensitive data, and memory, are stored.

Answer 25

Thin Client

Question 26

packages of software that contain all of the necessary elements to run in any environment. In this way, virtualize the operating system and run anywhere, from a private data center to the public cloud or even on a developer’s personal laptop

Answer 26

Containers

Question 27

an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network

Answer 27

Software Defined Networking

Question 28

allows us to deploy next-generation firewalls, intrusion prevention, web application firewalls, and other security devices while at the same time being able to understand exactly what type of data is flowing between all of these systems

Answer 28

Software Defined Visibility

Question 29

happens when an administrator can no longer effectively control and manage all the virtual machines on a network

Answer 29

virtual machine sprawl avoidance

Question 30

protection that prevents a virtual machine from directly interacting with the host operating system

Answer 30

VM Escape Protection

Question 31

checking through all of the data to make sure it’s in the right format, and if it’s not the right format, it should add any corrections

Answer 31

Normalization

Question 32

prepared SQL code that you can save, so the code can be reused over and over again

Answer 32

Stored Procedure

Question 33

process of taking something that would commonly be relatively easy to understand and make it very difficult to understand

Answer 33

Obfuscation

Question 34

the processing takes place on a web server. This processing is important to execute the tasks required by the user on the web

Answer 34

Service Side Execution

Question 35

the processing takes place on the user’s computer

Answer 35

Client Side Execution

Question 36

when sensitive information is lost due to unintentional exposure

Answer 36

data exposure

Question 37

nonprofit foundation dedicated to improving software security. It operates under an “open community” model, which means that anyone can participate in and contribute to related online chats, projects, and more

Answer 37

Open Web Application Security Project

Question 38

a threat intelligence approach that automates the monitoring of information security controls, vulnerabilities, and other cyber threats to support organizational risk management decisions

Answer 38

Continuous Monitoring

Question 39

lets you constantly monitor new code, testing it against criteria for functionality, security, and performance. It’s a vital way to screen out bugs, stop potential issues from reaching the main database, and ensure that rollouts go as smoothly as possible

Answer 39

continuous validation

Question 40

application developers may constantly be updating an application and perhaps even merging it into a central repository many times a day

Answer 40

continuous integration

Question 41

a way that you could provide access to your network using credentials that someone uses for a completely different service. This can be done for users that are on your local network or you could use this for third party individuals such as partners or customers to be able to gain access to your server

Answer 41

Federation

Question 42

a review and confirmation of your organization’s security status by an independent reviewer

Answer 42

Attestation

Question 43

a one-time password (OTP) algorithm based of Hashes

Answer 43

HMAC-based one-time password

Question 44

Is a biometric feature where these capillaries that are in the back of your eye. They are a relatively unique feature of your eye and they don’t often change, making them a very good biometric factor to use for authentication

Answer 44

Retina

Question 45

is a biometric feature where its in the front of our eye, and there’s usually specific textures and colors associated

Answer 45

Iris

Question 46

biometric feature where the vascular scanners can look at veins that might be in our arms. This can look at the blood vessels in our extremities, and determine who a person is based on the unique layout of their veins.

Answer 46

Veins

Question 47

assessment of the way the body moves, usually by walking or running, from one place to another.
The purpose of this is to detect any abnormalities in locomotion.

Answer 47

Gait Analysis

Question 48

how often your biometric system will approve an unauthorized user by looking at these biometric value

Answer 48

False Acceptance Rate

Question 49

someone who is authorized to get into the system, they put their finger on the fingerprint reader of the biometric system and instead of getting a green light, they get a red light

Answer 49

False Rejection Rate

Question 50

an area where we have minimized the number of false acceptance rates, and we’ve minimized the amount of false rejection rates, and effectively gotten both of those down to an equal level

Answer 50

Crossover error rate

Question 51

something that’s in your brain, and only you happen to know what this particular value is

Answer 51

Something you know

Question 52

usually a device or some type of system that is near where you happen to be. Something like a smart card

Answer 52

Something you have

Question 53

associating these characteristics with a specific individual or person. Basically features that makes you

Answer 53

something you are

Question 54

is a personal way that you do things. For example, the way that you walk is very unique to you

Answer 54

Something you exhibit

Question 55

Name the Triple As

Answer 55

Authentication, Accounting, Authorization

Question 56

if you do lose one of those physical drives, you have separate pieces of that data stored on other multiple drives as part of that array
What is this called?

Answer 56

RAID Redundant Array of inexpensive disks

Question 57

Raid type that has no redundancy whatsoever, it’s usually called striping without parity. Where you have very good performance to be able to read and write to that array

Answer 57

Raid 0

Question 58

Raid type where we can take one physical drive, and duplicate all of the data on that physical drive to a separate physical drive. It’s a mirror of the information. That way if we lose any one of those drives, all the information continues to be available and accessible on that separate drive

Answer 58

Raid 1

Question 59

where we have striping with parity where we’re putting pieces of information on separate physical drives, and then on a last physical drive we’re putting some parity information. If we lose any of the drives on that particular array, it will rebuild the data based on the parity information that’s put on that extra drive

Answer 59

Raid 5

Question 60

network drives, with configurations with multiple links in the network to provide redundancy if one part of the network was to fail.

Answer 60

Multipath

Question 61

provide redundancy to a server using multiple network interface cards on that device

Answer 61

NIC Teaming

Question 62

a device that provides multiple power sources

Answer 62

Power distribution Unit

Question 63

dedicated, independent high-speed network that interconnects and delivers shared pools of storage devices to multiple servers

Answer 63

Storage area Network

Question 64

A back up type when performing a backup on a system, that you back up every single file on the system

Answer 64

Full Back Up

Question 65

occur after the full backup has occurred, and it will back up all of the files that have changed since the last backup

Answer 65

Incremental Back up

Question 66

a full backup that backs up everything on the system. Each subsequent differential backup, though, is going to back up everything that’s changed since the last full backup. So every day, the backup is going to get bigger and bigger and bigger as we change more and more information since the last full backup

Answer 66

Differential back up

Question 67

the practice of periodically copying data from a primary storage device to a tape cartridge so the data can be recovered if there is a hard disk crash or failure

Answer 67

Tape Back up

Question 68

dedicated file storage that enables multiple users and client devices to retrieve data from centralized disk capacity

Answer 68

NAS Network attached Storage

Question 69

one that is constantly accessible and constantly updated throughout the day. This is one that occurs over the network, usually to a third-party or cloud-based service, and it’s usually over an encrypted channel

Answer 69

online back up

Question 70

backing up your local devices to this backup component. It’s usually something that performs very quickly, and it’s over a secure channel We have to make sure that the communication between the system that’s being backed up and the backup service itself is protected and constantly maintained, and it often requires that this information be stored at an offsite facility for disaster recovery purposes

Answer 70

offline back up

Question 71

integrated circuits often sold off-the-shelf. They’re referred to as ‘field programmable’ because they provide customers the ability to reconfigure the hardware to meet specific use case requirements after the manufacturing process.

Answer 71

Field programmable Gate Arrays

Question 72

an automated software control system that monitors industrial control systems (ICS) and provides data insights to industrial supervisors about the condition of the entire operation

Answer 72

SCADA Supervisory Control and data acquisition

Question 73

OS that guarantees real-time applications a certain capability within a specified deadline. are designed for critical systems and for devices like microcontrollers that are timing-specific. processing time requirements are measured in milliseconds

Answer 73

Real Time OS

Question 74

microchip with all the necessary electronic circuits and parts for a given system, such as a smartphone or wearable computer, on a single integrated circuit (IC)

Answer 74

System on Chip

Question 75

are signals that occupy a narrow range of frequencies or that have a small fractional bandwidth

Answer 75

Narrowband

Question 76

using a single frequency to be able to communicate.very often done over a single cable or a single fiber connection, and it’s usually using a digital communication. Since there is a single frequency being used for this communication, anything going over this link is going to use all of the bandwidth on that connection

Answer 76

Baseband

Question 77

devices can transmit data over long distances by passing data through a mesh network of intermediate devices to reach more distant ones

typically used in low data rate applications that require long battery life and secure networking.

Answer 77

Zigbee

Question 78

a device that plugs into the charging port on your phone, acting as a shield between the public charging station’s cord and your phone

Answer 78

USB Data Blocker

Question 79

shield is an enclosure used to block electromagnetic fields

Answer 79

Faraday Cage

Question 80

security measure that involves isolating a computer or network and preventing it from establishing an external connection

Answer 80

Airgap

Question 81

triple-homed firewall, refers to a network architecture where a single firewall is used with three network interfaces. It provides additional protection from outside cyber attacks by adding a perimeter network to isolate or separate the internal network from the public-facing internet

Answer 81

Screened Subnet

Question 82

adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) for cables and to permit its use for the transmission of unencrypted information through an area of lesser classification or control

Answer 82

Protected cable distribution

Question 83

to collect the IT equipment’s hot exhaust air, allowing the rest of the data center to become a large cold-air return plenum. Air is being taken from the back of the servers

Answer 83

Hot Aisle

Question 84

face air conditioner output ducts and air is being take into the front of the servers

Answer 84

Cold Aisle

Question 85

to insert a random set of characters to a weak key and make it stronger and as well increase the size of the password hash, making things harder for a brute-force attack

Answer 85

Key Stretching

Question 86

a technique that is a unique value that can be added to the end of the password to create/ change a different hash value

Answer 86

Salting

Question 87

the procedure of translating a given key into a code.

Answer 87

Hashing

Question 88

a method in cryptography by which cryptographic keys are exchanged between two parties

Answer 88

Key Exchange

Question 89

is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.

Answer 89

elliptic-curve cryptography

Question 90

an encryption style known for producing temporary private key exchanges between clients and servers. For every individual session initiated by a user, a unique session key is generated

Answer 90

perfect forward secrecy

Question 91

a field of applied quantum physics closely related to quantum information processing and quantum teleportation.

Answer 91

Quantum communications

Question 92

an area of computer science that uses the principles of quantum theory

Answer 92

Quantum Computing

Question 93

to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks

Answer 93

Post-Quantum Cryptography

Question 94

A cryptographic key that is generated for each execution of a key-establishment process and that meets other requirements of the key type

Answer 94

Ephemeral Key

Question 95

record-keeping system that maintains participants’ identities in secure and (pseudo-)anonymous form, their respective cryptocurrency balances, and a record book of all the genuine transactions executed between network participants

Answer 95

Public Ledger

Question 96

are encrypting one byte at a time. So we will take our plaintext, we’ll grab the first byte, we’ll encrypt that byte, and we’ll store the encrypted information

Answer 96

Stream Cipher

Question 97

encrypting a fixed length block of information at a time. So instead of taking a single byte, it will take a block of bytes and encrypt that entire block at one time. We usually will see this with 64-bit or 128-bit blocks.

Answer 97

Block Cipher

Question 98

encryption uses a single key to encrypt and decrypt

Answer 98

Symmetric

Question 99

encryption uses a mathematically related pair of keys for encryption and decryption: a public key and a private key

Answer 99

asymmetric

Question 100

an encryption method that features a small footprint and/or low computational complexity. It is aimed at expanding the applications of cryptography to constrained devices and its related international standardization and guidelines compilation are currently underway

Answer 100

Lightweight Cryptography

Question 101

the practice of concealing messages or information within other nonsecret text or data.

Answer 101

Steganography

Question 102

encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form

Answer 102

homomorphic encryption

Question 103

is a way to measure just how unpredictable a password might be.

Answer 103

Entropy

Question 104

technical best practice to authenticate DNS queries and responses by using cryptographic digital signatures

Answer 104

domain name system security extensions