3.0 Security Architecture Flashcards
Q: What is serverless architecture?
A: Function as a Service.
Q: What is physical isolation in networking?
A: Using separate hardware to prevent attacker movement between networks.
Q: What is logical segmentation?
A: Using VLANs to segment networks on the same switch.
Q: What is SDN (Software Defined Networking)?
A: Makes the physical network programmable via software.
Q: What are the three planes in SDN?
A: Data Plane (packet forwarding), Control Plane (routing), Management Plane (configuration).
Q: What is virtualization?
A: Running multiple OSes on one hardware using hypervisors.
Q: What is containerization?
A: Isolated app environments using Docker; share host OS.
Q: Difference between containers and VMs?
A: Containers share host OS; VMs use hypervisors and separate OS.
Q: What is SCADA/ICS?
A: Supervisory control systems for industrial devices; not internet-exposed.
Q: What is RTOS?
A: A real-time OS that guarantees task execution within strict timing constraints.
Q: What is an embedded system?
A: A device with hardware and software built for a single purpose (e.g., smartwatches, traffic lights).
Q: What does MTTR stand for?
A: Mean Time to Repair — how long it takes to fix a system after failure.
Q: What is elasticity in cloud computing?
A: The ability to scale resources dynamically in response to workload demand.
Q: What is risk transference?
A: Shifting risk to another party (e.g., using a cloud provider or insurance).
Q: Best practice if infected by malware?
A: Restore from clean backups or use pre-configured corporate images.
Q: Why are embedded systems hard to patch?
A: They may lack interfaces or vendor support, making patching difficult or impossible.
Q: What is a security zone?
A: Logical or physical areas with different trust levels (e.g., DMZ, internal network).
Q: What is the difference between fail-open and fail-closed?
A: Fail-open allows traffic during a failure; fail-closed blocks traffic for security.
Q: What is passive monitoring?
A: IDS-like system that observes and logs activity without interfering.
Q: What is a jump server?
A: A secure intermediary used to access internal servers via VPN, SSH, or RDP.
Q: What is a forward proxy?
A: Intercepts outbound internet traffic from inside a network.
Q: What is a reverse proxy?
A: Accepts incoming internet traffic and forwards it to internal servers.
Q: What is a load balancer used for?
A: Distributes traffic across multiple servers for high availability and performance.
Q: What is SSL offloading?
A: Delegates encryption/decryption to the load balancer to reduce server load.
Q: What is EAP?
A: Extensible Authentication Protocol; a framework supporting many authentication methods.
Q: What is IEEE 802.1X used for?
A: Port-based network access control requiring authentication before network access.
Q: What is NAC?
A: Network Access Control; validates a device before granting network access.
Q: What is the EAP authentication process?
A: Supplicant → Authenticator → Authentication Server (e.g., RADIUS, LDAP).
Q: What is UTM?
A: Unified Threat Management — all-in-one device (firewall, AV, spam filter); legacy solution.
Q: What does a traditional firewall filter on?
A: OSI Layer 4 (transport layer — ports and protocols).
Q: What is an NGFW?
A: Next-Gen Firewall with Layer 7 inspection, app awareness, and intrusion prevention.
Q: What does a VPN do?
A: Encrypts traffic between devices over untrusted networks.
Q: What is a WAF?
A: Web Application Firewall; protects web apps by filtering HTTP/HTTPS traffic (detects SQLi, XSS).
Q: What is IPsec tunnel mode?
A: Encrypts entire IP packet with a new outer header for secure transmission.
Q: What is SSL/TLS VPN?
A: VPN using SSL/TLS protocols (e.g., HTTPS); often browser-based using port 443.
Q: What is SD-WAN?
A: Software-defined WAN that dynamically manages connections across remote sites.
Q: What is SASE?
A: Secure Access Service Edge — integrates SD-WAN and cloud-based security.
Q: What is PII?
A: Personally Identifiable Information — can be used to identify an individual.
Q: What is data sovereignty?
A: Legal requirement that data be stored/processed within specific countries.
Q: What is failover?
A: Automatic switching to backup systems when primary fails.
Q: What is a UPS?
A: Uninterruptible Power Supply — short-term backup power during outages.
Q: What is the purpose of sensors and collectors in SIEM?
A: Sensors gather security data; collectors forward it to a SIEM for analysis and alerts.
Q: What is RADIUS?
A: Remote Authentication Dial-In User Service; a centralized authentication server, often used with EAP/802.1X.
Q: What is EAP?
A: Extensible Authentication Protocol; a framework that supports various authentication methods (certs, passwords, smart cards).
Q: What is LDAP?
A: Lightweight Directory Access Protocol; used for directory services and authentication (e.g., Active Directory).
Q: What is 802.1X?
A: Standard for port-based network access control; enforces authentication.
Q: What is SSL/TLS?
A: Secure Sockets Layer / Transport Layer Security; encryption protocols for secure communication (e.g., HTTPS, SSL VPN).
Q: What is a WAF?
A: Web Application Firewall; filters HTTP/HTTPS traffic and protects web apps from injection attacks.