3.0 Security Architecture Flashcards
What is a responsibility matrix in cloud computing?
It defines who is responsible for securing different components in a cloud environment (provider vs client).
What are hybrid clouds?
A combination of private and public clouds used together by an organization
What is Infrastructure as Code (IaC)?
The practice of managing and provisioning computing infrastructure through machine-readable definition files rather than physical hardware configuration
What is serverless computing?
Running applications without managing dedicated servers; the provider handles infrastructure management
What is a microservices architecture?
An architectural style where an application is developed as a collection of small services that communicate over APIs
How does network segmentation improve security?
It limits lateral movement within a network by isolating traffic into different segments
What is an air-gapped network?
A network that is physically isolated from external networks for security purposes
What is Software-defined Networking (SDN)?
A networking approach that uses software-based controllers to manage network traffic instead of relying on hardware devices
What are containers in computing?
Lightweight virtualized environments that share the host OS kernel but isolate applications and their dependencies.
What is virtualization?
Running multiple virtual machines on a single physical server with each VM operating independently with its own OS
Why are IoT devices often targeted by attackers?
They often lack robust security features such as strong passwords or encryption
What are Industrial Control Systems (ICS)?
Systems used in industrial settings like power plants or manufacturing facilities to control processes
What is high availability in IT systems?
Ensuring that systems remain operational with minimal downtime through redundancy and failover mechanisms
How does logical segmentation differ from physical isolation?
Logical segmentation divides traffic through software configurations like VLANs, while physical isolation separates systems physically
What is risk transference in IT architecture?
Shifting risk from one party to another, often seen when using third-party vendors or cloud services instead of managing everything in-house
Why might patch availability be a concern in embedded systems?
Embedded systems often have limited update mechanisms, making it difficult to apply patches quickly or at all
What does “compute” refer to in architecture considerations?
The processing power required by systems or applications within an architecture model
What is meant by decentralized architecture?
A decentralized architecture distributes data processing across multiple locations or devices rather than relying on a single centralized system
Why is scalability important in modern architectures?
Scalability allows systems to handle increased workloads without compromising performance and ensures that they can grow as demand increases
What are some common challenges with hybrid cloud environments?
Hybrid clouds require consistent security policies across both private and public clouds and careful management of data transfer between them
How does SDN improve flexibility in networking?
SDN allows centralized control over network traffic through software rather than relying on physical hardware configurations, enabling more dynamic management of resources
What is the purpose of a DMZ in network architecture?
To isolate public-facing services from internal networks for added security
What is an attack surface?
The total number of vulnerabilities or entry points an attacker can exploit
Describe fail-open vs fail-close scenarios.
Fail-open allows access during failure; fail-close denies access during failure
What is the role of an IPS?
To monitor and block suspicious activity in real time.
What does SD-WAN stand for?
Software-defined Wide Area Network.
What does 802.1X provide?
Network access control through device authentication before granting access
How does a WAF protect web applications?
By filtering HTTP requests to prevent attacks like SQL injection
What is the difference between active and passive devices?
Active devices manage traffic; passive devices monitor without affecting it
What does TLS stand for?
Transport Layer Security
What is SASE?
Secure Access Service Edge—a cloud-based framework combining networking and security functions.
Why is reducing the attack surface important?
It minimizes potential vulnerabilities attackers can exploit.
What type of firewall operates at both Layer 4 and Layer 7?
Next-generation firewalls (NGFW).
What is a jump server used for?
To securely manage devices across different security zones.
How does port security enhance network protection?
By restricting which devices can connect based on authentication protocols like 802.1X
What is IPSec used for?
Securing IP communications through encryption and authentication.
Name one benefit of using SD-WAN.
It improves performance while maintaining secure connections through encryption.
How does a proxy server enhance privacy?
By intermediating requests between clients and servers, hiding client details from servers
What is the main function of a load balancer?
To distribute network traffic across multiple servers ensuring availability
Why might an organization choose fail-close over fail-open?
To prioritize security by blocking access during system failures