701 - Section 3

Question 1

What document is used by cloud providers that defines the different responsibilities for all of the cloud offerings between the provider and the customer?

Answer 1

Responsibility matrix

Question 2

What is it called when you have more than one public and or private cloud?

Answer 2

Hybrid cloud

Question 3

What are some security issues with a hybrid cloud?

Answer 3

Authentication across the different platforms, firewall configurations, server settings, diverse security monitoring, data leakage

Question 4

What is it called when the servers network and application are all defined in configuration?

Answer 4

Infrastructure as code

Question 5

What are some of the advantages with infrastructure as code?

Answer 5

The description can be used to build other application instances, and you can create multiple versions similar to application code

Question 6

What is it called when apps are separated into individual autonomous functions that removes the operating system from the equation?

Answer 6

Function as a service

Question 7

A developer will create these FaaS as server-side logic and they are executed in what?

Answer 7

A stateless container

Question 8

What is an API?

Answer 8

Application programming interface

Question 9

What is the glue for micros services which enable them to work together as an application?

Answer 9

APIs

Question 10

What are three advantages to micro services?

Answer 10

They are scalable, resilient, and offer security and compliance

Question 11

What are three advantages to micro services?

Answer 11

They are scalable, resilient, and offer security and compliance

Question 12

What does VLAN stand for?

Answer 12

Virtual local area network

Question 13

What does VLAN stand for?

Answer 13

Virtual local area network

Question 14

What does a VLAN do?

Answer 14

It separates networks logically instead of physically meaning communication cannot happen between the VLANs

Question 15

What does SDN stand for?

Answer 15

Software defined networking

Question 16

What are the three layers of SDN?

Answer 16

Infrastructure/data plane, control layer/control plane, application layer/management plane

Question 17

In SDN, which layer processes, the network frames and packets does forwarding trunking encrypting and NAT?

Answer 17

Infrastructure layer/data plane

Question 18

In SDN, which layer manages the actions of the data plan contains routing tables session, tables, and NAT tables?

Answer 18

Control layer/control plane

Question 19

In SDN, which layer configures and manages the device?

Answer 19

Application layer/management plane

Question 20

An application container contains what?

Answer 20

Everything you need to run an application, including code and other dependencies

Question 21

What does IOT stand for?

Answer 21

Internet of things

Question 22

What is another name for large scale multi industrial control systems?

Answer 22

SCADA, supervisory control and data acquisition system

Question 23

What are some examples where SCADA is used?

Answer 23

Power generation, refining, manufacturing

Question 24

What are some of the attributes for SCADA?

Answer 24

They are distributed, contain real time information, no external access

Question 25

What type of operating system has a deterministic processing schedule?

Answer 25

RTOS, real time operating system

Question 26

What kind of system has the hardware and software design for a specific function, that is built with only one task in mind? Give two examples

Answer 26

Embedded system, traffic, light controllers, medical imaging systems

Question 27

What does high availability mean? And what does it take to achieve higher her availability?

Answer 27

Always on, always available… higher costs as you add different components to meet contingencies

Question 28

What type of application infrastructure uses a hypervisor and also has an operating system for each instance?

Answer 28

Virtualized applications

Question 29

What type of application infrastructure uses a docker?

Answer 29

Containerized applications

Question 30

What is MTTR?

Answer 30

Mean time to repair

Question 31

What are five infastructure considerations?

Answer 31

Availability, resilience, cost, responsiveness, scalability, ease of deployment, risk transference, ease of recovery, update schedule, power, processor

Question 32

Which infrastructure consideration has the important metric of system up time?

Answer 32

Availability

Question 33

Which infrastructure consideration is commonly referenced as MTTR?

Answer 33

Resilience

Question 34

Which hardware consideration is defined by how much is required for initial installation, ongoing maintenance, replacement or repair cost, tax implications?

Answer 34

Cost

Question 35

Which infrastructure consideration uses system speed as an important metric?

Answer 35

Responsiveness

Question 36

Which infrastructure consideration is defined by how quickly and easily we can increase or decrease capacity?

Answer 36

Scalability

Question 37

Which infrastructure consideration is defined by how easily updates are applied?

Answer 37

Ease of deployment

Question 38

Which infrastructure consideration uses cyber security insurance, recovery from internal losses, protection against legal issues from customers?

Answer 38

Risk transference

Question 39

Which infrastructure consideration is defined by how easily the system will be made while after an issue?

Answer 39

Ease of recovery

Question 40

Which infrastructure consideration is defined by how frequent the system is maintained?

Answer 40

Patch availability

Question 41

Which infrastructure consideration is defined by backup services such as UPS and generators?

Answer 41

Power

Question 42

Which infrastructure consideration is defined by the applications ability to do heavy processing?

Answer 42

Computing power

Question 43

What simplifies security policy and is defined by the physical location or functional area of the network?

Answer 43

Security zones

Question 44

What are three securities zones?

Answer 44

Internet, screened, inside

Question 45

What are the two failure modes for an IPS and what do they mean?

Answer 45

Fail open, which means when a system fails, the data continues to flow… fail closed, which means when a system fails, the data does not flow

Question 46

What is the difference between an IPS and an IDS?

Answer 46

Both watch network traffic, and IP stops an attack before it gets into the network while and IDS sends an alarm or an alert when an attack is detected

Question 47

what is the difference between active monitoring and passive monitoring?

Answer 47

With active monitoring, the device will deny passage of the traffic when it detects an attack… with passive monitoring, the device will allow data to pass through it and it will send a copy of the traffic to the IDS or IPS

Question 48

What network appliance provides access to a protected network? And what is the security concern with it?

Answer 48

Jump server, if it is compromised, it can lead to a significant breach

Question 49

What is used to connect to the jump server?

Answer 49

SSH, a tunnel, a VPN

Question 50

What network appliance sits between the users and the external network, it receives user requests and sends their request on their behalf,

Answer 50

Proxy server

Question 51

What are some of the uses of a proxy server?

Answer 51

Cashing, access control, URL filtering, content scanning

Question 52

What type of proxy server is used to protect and control user access to the Internet?

Answer 52

A forward proxy

Question 53

What type of proxy server is used to protect and control user access to the Internet?

Answer 53

A forward proxy

Question 54

What type of proxy server sits between an internal server and the Internet?

Answer 54

A reverse proxy

Question 55

What type of proxy is not controlled and is operated by a third-party and is often used to circumvent existing security controls?

Answer 55

An open proxy

Question 56

What type of proxy is very commonly used and understands the way an application works?

Answer 56

An application proxy

Question 57

What is used to distribute requests across multiple servers, is used in large scale implementation like Web server farms and is fault tolerant?

Answer 57

Load balancers

Question 58

What type of load balancing offers TCP offload, SSL offload, cashing, prioritization, and content switching?

Answer 58

Active/active load balancing

Question 59

What is used to collect and aggregate information from network devices?

Answer 59

Collectors and sensors

Question 60

What does EAP stand for and what is it?

Answer 60

Extensible authentication protocol and it is an authentication framework

Question 61

What standard does EAP integrate with?

Answer 61

802.1X

Question 62

What is the principle for EAP 802.1x?

Answer 62

No access to the network until authentication succeeds

Question 63

What are the three principles of 802.1X and EAP?

Answer 63

Supplicant or the client, the authenticator, which is the device that provides access and the authentication server which validates the client credentials

Question 64

What are the two ways that a firewall can filter traffic? And what OSI layers are they?

Answer 64

By port number layer 4 or by application layer 7

Question 65

Most firewalls can also perform this function…

Answer 65

Router

Question 66

What is NAT?

Answer 66

Network address translation

Question 67

What is a another name for a firewall that also serves as an all-in-one security appliance?

Answer 67

UTM, unified threat management

Question 68

What does NGFW mean?

Answer 68

Next generation firewall

Question 69

What does an NGFW do with network traffic?

Answer 69

It inspects every packet and categorizes them before a security decision is determined

Question 70

What does an NGFW control traffic based on?

Answer 70

Applications

Question 71

What other function does NNGFW perform? And how does it do that?

Answer 71

Intrusion prevention, by applying application specific vulnerability signatures to the traffic

Question 72

What is a WAF? And how does it work?

Answer 72

Web application firewall… it allows or denies traffic based on an expected input. Unexpected input is a common method of exploiting an application.

Question 73

What function does a VPN perform? And what is another name for that VPN channel?

Answer 73

It encrypts data traversing a public network… a tunnel

Question 74

What protocol does a SSL/TLSVPN use

Answer 74

SSL/TLS

Question 75

What are three advantages to an SSL/TLS VPN?

Answer 75

No big VPN clients, no requirement for digital certificates or shared passwords for authentication, can run from a browser or other light VPN client across many operating systems

Question 76

What software configuration does a site to site IPsec VPN use?

Answer 76

VPN concentrators on both sides, usually firewalls serve this purpose

Question 77

What does a VPN concentrator do? And what is it often integrated with?

Answer 77

It will encrypt outgoing traffic and decrypt incoming traffic as it has it passes through…the firewall

Question 78

What does a VPN concentrator do? And what is it often integrated with?

Answer 78

It will encrypt outgoing traffic and decrypt incoming traffic as it has it passes through…the firewall

Question 79

What is an SD-WAN? And what infrastructure is it built for?

Answer 79

Software defined networking in a wide area network it is built for the cloud

Question 80

What does SASE stand for?

Answer 80

Secure access service edge… it is a complete network and security solution that provides secure, and efficient access to applications and data, regardless of their location

Question 81

What are three components of SASE?

Answer 81

Network as a service, security as a service, SASE client on all devices

Question 82

What is the data type that is managed by a third-party and governed by laws and statues?

Answer 82

Regulated

Question 83

What is the data type that is often unique to an organization and includes an organizations secret formulas?

Answer 83

Trade secret

Question 84

What is the data type that includes copyright and trademark restrictions?

Answer 84

Intellectual property

Question 85

What is the data type that includes court records and documents, PII and other sensitive details?

Answer 85

Legal information

Question 86

What is the data type that contains internal company details, customer, sensitive data, payment records?

Answer 86

Financial information

Question 87

What is the data type that is not easily understood by humans and includes barcode and images?

Answer 87

Non-human readable

Question 88

What are three data classifications?

Answer 88

Organization proprietary, PII, PHI

Question 89

Why are different levels of security classifications applied to data?

Answer 89

They are classified because of the sensitive nature of the data… The more sensitive the data is the higher the classification level and the controls placed on it

Question 90

What are the three states of data?

Answer 90

Data at rest, data in transit, data in use

Question 91

What are three methods to encrypt data at rest?

Answer 91

Whole disk, database file or folder level

Question 92

What protocols are used to encrypt data in transit?

Answer 92

TLS and IPsec

Question 93

What is data sovereignty?

Answer 93

Data that resides in a country is subject to the laws of that country

Question 94

What is GDPR?

Answer 94

General data protection regulation… It is a complex mesh of technology and legalities regarding data collected on EU citizens

Question 95

What is the name for attaching a location Details to data?

Answer 95

Geolocation

Question 96

What are the three types of UPS?

Answer 96

Off-line or standby, line interactive, online or double conversion

Question 97

This type of UPS is lower in cost and lower in backup time it can provide?

Answer 97

Offline or Standby

Question 98

This type of UPS is useful in areas that have brownouts?

Answer 98

Line interactive

Question 99

What can be used to provide long-term power back up?

Answer 99

A generator

Question 100

What are the three types of geographic restrictions for wireless
Communications?

Answer 100

By network location which is based on the IP subnet, Geo location, Geo fencing

Question 101

What are the three types of Geo location and what is their accuracy?

Answer 101

GPS very accurate, 802.11 wireless less accurate, by IP address not not very accurate

Question 102

What is it called when you are automatically allowed or restricted access when in a particular location?

Answer 102

Geo fencing

Question 103

With this type of data protection, everything is encoded into an unreasonable form and will need a key for it to be read?

Answer 103

Encryption

Question 104

In this form of data protection, the represented data is converted into a short string of text that is impossible to be reversed engineered?

Answer 104

Hashing

Question 105

In this form of data protection, we are converting normally readable text into something very difficult to understand?

Answer 105

Obfuscation

Question 106

In this form of data protection, some of the original data is hidden or masked?

Answer 106

Masking

Question 107

And this form of data protection, sensitive data is replaced with a nons sensitive placeholder, and this is commonly used with credit card processing?

Answer 107

Tokenization

Question 108

In this form of data protection, the data is separated and stored in different locations?

Answer 108

Segmentation

Question 109

In this form of data protection, access to an account is controlled?

Answer 109

Permission restrictions

Question 110

In this form of resiliency, two or more servers are combined and appear to operate as one?

Answer 110

Server clustering

Question 111

In this type of resiliency, traffic is distributed across multiple servers that also can be running different operating systems?

Answer 111

Load balancing

Question 112

With this type of resiliency, a recovery site is prepped, and #DATA is synchronized?

Answer 112

Site resiliency

Question 113

With this type of resiliency, an exact replica of software, data and hardware are maintained?

Answer 113

A hot site

Question 114

With this type of resiliency, only a physical site may be chosen, meaning no duplicate hardware software or data is maintained

Answer 114

A cold site

Question 115

With this type of resiliency, a physical site and the hardware needed to run the system is ready and waiting?

Answer 115

A warm site

Question 116

With this type of resiliency, different types of systems are used to run the same application as the risk is distributed across these different environments?

Answer 116

Platform diversity

Question 117

With this type of resiliency, more than one cloud system may be used to spread out the risk?

Answer 117

Multi cloud system

Question 118

What is the disaster planning called?

Answer 118

Continuity of operations planning, COOP

Question 119

What is it called when you are trying to identify the right balance of hardware software and people to build the best infrastructure?

Answer 119

Capacity planning

Question 120

What are the three considerations in capacity planning?

Answer 120

People, technology (pick one that will scale easily), infrastructure

Question 121

What is it called to test yourself before an actual event occurs?

Answer 121

Recovery testing

Question 122

Because a full scale disaster drill can be costly and time-consuming, companies will perform these with key team members and talk through a simulated disaster?

Answer 122

Table top exercise

Question 123

What is it called when a company will build redundant infrastructure that will be used when something negatively impacts the system?

Answer 123

Failover

Question 124

What is it called when you split a process through multiple/parallel CPUs?

Answer 124

Parallel processing

Question 125

What kind of back up is immediately available and generally less expensive?

Answer 125

On site

Question 126

What kind of back up transfers, data over an Internet or WAN Link?

Answer 126

Offsite back up

Question 127

What do organizations use to protect a back up from being easily readable?

Answer 127

Encryption

Question 128

This type of backup became popular with virtual machines and contains a copy of an entire system?

Answer 128

A snapshot

Question 129

What is the type of back up that is almost real time, ongoing, and keeps #DATA synchronized in multiple locations?

Answer 129

Replication

Question 130

What type of back up writes the data into a predefined location prior to writing that data to storage?

Answer 130

Journaling