3.0 Security Architecture

Question 1

Q: What is a responsibility matrix in cloud computing?

Answer 1

It defines who is responsible for securing different components in a cloud environment (provider vs client).

Question 2

What are hybrid clouds?

Answer 2

A combination of private and public clouds used together by an organization

Question 3

What is Infrastructure as Code (IaC)?

Answer 3

The practice of managing and provisioning computing infrastructure through machine-readable definition files rather than physical hardware configuration

Question 4

What is serverless computing?

Answer 4

Running applications without managing dedicated servers; the provider handles infrastructure management

Question 5

What is a microservices architecture?

Answer 5

An architectural style where an application is developed as a collection of small services that communicate over APIs

Question 6

How does network segmentation improve security?

Answer 6

It limits lateral movement within a network by isolating traffic into different segments

Question 7

What is an air-gapped network?

Answer 7

A network that is physically isolated from external networks for security purposes

Question 8

What is Software-defined Networking (SDN)?

Answer 8

A networking approach that uses software-based controllers to manage network traffic instead of relying on hardware devices

Question 9

What are containers in computing?

Answer 9

Lightweight virtualized environments that share the host OS kernel but isolate applications and their dependencies.

Question 10

What is virtualization?

Answer 10

Running multiple virtual machines on a single physical server with each VM operating independently with its own OS

Question 11

Why are IoT devices often targeted by attackers?

Answer 11

They often lack robust security features such as strong passwords or encryption

Question 12

What are Industrial Control Systems (ICS)?

Answer 12

Systems used in industrial settings like power plants or manufacturing facilities to control processes

Question 13

What is high availability in IT systems?

Answer 13

Ensuring that systems remain operational with minimal downtime through redundancy and failover mechanisms

Question 14

How does logical segmentation differ from physical isolation?

Answer 14

Logical segmentation divides traffic through software configurations like VLANs, while physical isolation separates systems physically

Question 15

What is risk transference in IT architecture?

Answer 15

Shifting risk from one party to another, often seen when using third-party vendors or cloud services instead of managing everything in-house

Question 16

Why might patch availability be a concern in embedded systems?

Answer 16

Embedded systems often have limited update mechanisms, making it difficult to apply patches quickly or at all

Question 17

What does “compute” refer to in architecture considerations?

Answer 17

The processing power required by systems or applications within an architecture model

Question 18

What is meant by decentralized architecture?

Answer 18

A decentralized architecture distributes data processing across multiple locations or devices rather than relying on a single centralized system

Question 19

Why is scalability important in modern architectures?

Answer 19

Scalability allows systems to handle increased workloads without compromising performance and ensures that they can grow as demand increases

Question 20

What are some common challenges with hybrid cloud environments?

Answer 20

Hybrid clouds require consistent security policies across both private and public clouds and careful management of data transfer between them

Question 21

How does SDN improve flexibility in networking?

Answer 21

SDN allows centralized control over network traffic through software rather than relying on physical hardware configurations, enabling more dynamic management of resources

Question 22

What is the purpose of a DMZ in network architecture?

Answer 22

To isolate public-facing services from internal networks for added security

Question 23

What is an attack surface?

Answer 23

The total number of vulnerabilities or entry points an attacker can exploit

Question 24

Describe fail-open vs fail-close scenarios.

Answer 24

Fail-open allows access during failure; fail-close denies access during failure

Question 25

What is the role of an IPS?

Answer 25

To monitor and block suspicious activity in real-time.

Question 26

What does SD-WAN stand for?

Answer 26

Software-defined Wide Area Network.

Question 27

What does 802.1X provide?

Answer 27

Network access control through device authentication before granting access

Question 28

How does a WAF protect web applications?

Answer 28

By filtering HTTP requests to prevent attacks like SQL injection

Question 29

What is the difference between active and passive devices?

Answer 29

Active devices manage traffic; passive devices monitor without affecting it

Question 30

What does TLS stand for?

Answer 30

Transport Layer Security

Question 31

What is SASE?

Answer 31

Secure Access Service Edge—a cloud-based framework combining networking and security functions.

Question 32

Why is reducing the attack surface important?

Answer 32

It minimizes potential vulnerabilities attackers can exploit.

Question 33

What type of firewall operates at both Layer 4 and Layer 7?

Answer 33

Next-generation firewalls (NGFW).

Question 34

What is a jump server used for?

Answer 34

To securely manage devices across different security zones.

Question 35

How does port security enhance network protection?

Answer 35

By restricting which devices can connect based on authentication protocols like 802.1X

Question 36

What is IPSec used for?

Answer 36

Securing IP communications through encryption and authentication.

Question 37

Name one benefit of using SD-WAN.

Answer 37

It improves performance while maintaining secure connections through encryption.

Question 38

How does a proxy server enhance privacy?

Answer 38

By intermediating requests between clients and servers, hiding client details from servers

Question 39

What is the main function of a load balancer?

Answer 39

To distribute network traffic across multiple servers ensuring availability

Question 40

Why might an organization choose fail-close over fail-open?

Answer 40

To prioritize security by blocking access during system failures