3.0 Architectures and Designs

Question 1

The use of multiple layers of security to protect resources. Controlled Diversity and Vendor Diversity are two methods organizations implement to provide this.

Answer 1

Defense-in-Depth

Question 2

The practice of implementing security controls from different vendors to increase security.

Answer 2

Vendor Diversity

Question 3

The use of different security control types such as technical controls, administrative controls, and physical controls.

Answer 3

Control Diversity

Question 4

Security controls implemented via administrative or management methods.

Answer 4

Administrative Control

Question 5

Security controls implemented through technology.

Answer 5

Technical Control

Question 6

A network architecture that is situated between an untrusted network and a protected network and acts as a protective buffer zone between the two networks.

Answer 6

DMZ (Demilitarized Zone)

Question 7

The part of an internal network shared with outside entities. They are often used to provide access to authorized business partners, customers, vendors, or others.

Answer 7

Extranet

Question 8

An internal network. People use this to communicate and share content with each other.

Answer 8

Intranet

Question 9

A service that translates public IP address to private IP address and vice versa.

Answer 9

NAT (Network Access Translation

Question 10

A connection mode used by wireless devices without an access point. When wireless devices connect through an access point they are using infrastructure mode.

Answer 10

AD HOC

Question 11

A method of segmenting traffic, it logically groups several different computers together without regard of their physical location.

Answer 11

VLAN (Virtual Local Area Network)

Question 12

A technology that allows you to host multiple virtual machines on a single physical system.

Answer 12

Virtualization

Question 13

A physical security control that provides physical isolation. Systems separated by this don’t typically have any physical connections to other systems.

Answer 13

Airgap

Question 14

A dedicated device used for VPNs that includes all the services needs to create a VPN, including strong encryption and authentication techniques.

Answer 14

VPN Concentrator

Question 15

Devices used to handle TLS traffic. Servers can offload TLS traffic to improve performance.

Answer 15

SSL Acelerator

Question 16

Hardware of software that balances the load between two or more servers.

Answer 16

Load Balancer

Question 17

An attack on a system launched from multiple sources, intended to make a computers resources or services unavailable to users.

Answer 17

DDoS (Distributive Denial of Service)

Question 18

A method to encrypt an entire disc.

Answer 18

FDE (Full Disc Encryption)

Question 19

A drive that includes the hardware and software necessary to encrypt a hard drive.

Answer 19

SED (Self Encrypting Drive)

Question 20

Hardware chip on a motherboard included in many laptops and some mobile devices.

Answer 20

TPM (Trusted Platform Module)

Question 21

A removable or external device that can generate, store, and manage RSA keys using asymmetric encryption.

Answer 21

HSM (Hardware Security Module)

Question 22

A method used to boot some systems and intended to replace BIOS firmware.

Answer 22

UEFI/BIOS

Question 23

Interference caused by motors, power lines, and fluorescent lights.

Answer 23

EMI/EMP (Electromagnetic Interference/ Pulse)

Question 24

A freestanding device that operates in a largely self-contained manner.

Answer 24

Appliance

Question 25

A core principle of secure system design. Systems should be deployed with only the services, application, and protocols needed to meet their purpose.

Answer 25

Least Functionality

Question 26

A list of applications that a system allows.

Answer 26

Application White Listing

Question 27

A list of applications that a system denies.

Answer 27

Application Black Listing

Question 28

The use of an isolated area on a system, typically for testing.

Answer 28

Sandboxing

Question 29

The state of a system when all required OS software and applications as well as configuration details have been configured exactly according to predetermined standard.

Answer 29

Baselining

Question 30

A system used to control an ICS such as a power plant or a water treatment facility.

Answer 30

SCADA (Supervisory Control and Data Acquisition)

Question 31

The network of physical devices connected to the Internet.

Answer 31

IoT (Internet of Things)

Question 32

Physical security control that increase availability by regulating air flow within data centers and server rooms.

Answer 32

HVAC

Question 33

An integrated circuit that includes a computing systems within the hardware. Many mobile devices include this.

Answer 33

SoC (System on a Chip)

Question 34

An operating system that reacts to input within a specific time.

Answer 34

RTOS (Real Time Operating System)

Question 35

Software development cycle using a top down approach. It uses multiple stage; with each stage starting after the previous stage is completed.

Answer 35

Waterfall Method

Question 36

The process of managing and provisioning computer datacenters through machine-readable definition files.

Answer 36

Infrastructure as Code

Question 37

The process of organizing data and columns in a database.

Answer 37

Normalization

Question 38

An attempt to make something unclear or difficult to understand.

Answer 38

Obfuscation

Question 39

A method of testing that intentionally enters invalid input to see if the application can handle it.

Answer 39

Fuzzing

Question 40

Subjecting a system to workloads that are extreme.

Answer 40

Stress Testing

Question 41

Virtualization method that is independent of the operating system and boots before the OS.

Answer 41

Type I Hypervisor

Question 42

Virtualization method that is dependent on the operating system.

Answer 42

Type II Hypervisor

Question 43

A model of cloud computing in which the consumer can use the provider’s applications, but they do not manage or control any of the underlying cloud infrastructure.

Answer 43

SaaS

Question 44

A cloud service model wherein the consumer can deploy but does not manage or control any of the underlying cloud infrastructure.

Answer 44

PaaS

Question 45

A model of cloud computing that utilizes virtualization; clients pay an outsourcer for the resources used.

Answer 45

IaaS

Question 46

A cloud delivery model owned and managed internally.

Answer 46

Private Cloud

Question 47

A cloud delivery model available to others.

Answer 47

Public Cloud

Question 48

Any cloud delivery model that combines two or more of the other delivery model types.

Answer 48

Hybrid Cloud

Question 49

Cloud delivery model in which the infrastructure is shared by organizations with something in common.

Answer 49

Community Cloud

Question 50

A subscription-based business model intended to be more cost effective than smaller individuals/corporations could ever achieve on their own.

Answer 50

Security as a Service

Question 51

Image of a virtual machine at a moment in time.

Answer 51

Snapshot

Question 52

A method to bring a system back quickly to its pre-attack state without needing a fixed set of hardware, OS, or configuration.

Answer 52

Non-persistence

Question 53

The capability to support future network growth beyond its current needs.

Answer 53

Scalability

Question 54

To have more than one of something, or some functioning feature of a system, or even another complete system.

Answer 54

Redundancy

Question 55

The capability of any system to continue functioning after some part of the system has failed. RAID is an example.

Answer 55

Fault Tolerance

Question 56

A configuration of multiple hard disks used to provide fault tolerance should a disk fail. Different levels of RAID exist.

Answer 56

RAID

Question 57

A device, such as a small room, that limits access to one or a few individuals. They typically use electronic locks and other methods to control access.

Answer 57

Mantrap

Question 58

An electrically conductive wire mesh or other conductor woven into a “cage” that surrounds a room and prevents electromagnetic signals from entering or leaving the room through the walls.

Answer 58

Faraday Cage

Question 59

Human physical characteristics that can be measured and saved to be compared as authentication and granting the user access to a network or resource.

Answer 59

Biometrics

Question 60

An authentication device or file.

Answer 60

Token

Question 61

A physical security deterrent used to protect a computer.

Answer 61

Cable Lock

Question 62

The management of all aspects of cryptographic keys in a cryptosystem, including key generation, exchange, storage, use, destruction and replacement.

Answer 62

Key Management

Question 63

A method of software development meant to be rapid.

Answer 63

Agile Development