Architecture and Design (1) Flashcards
Bobby’s management has asked him to explore an alternate site solution that can be operational somewhat quickly when needed but does not require duplication of the primary network. What is the best solution?
Hot site
Cold site
Warm site
Warm site
A warm site is Bobby’s best choice, as it can be prewired for systems to become operational quickly but still requires systems to be moved or purchased if a disaster does occur
__________ is a data protection approach that obfuscates sensitive data by substituting it with a different value (“dummy” value), available to unauthorized users.
Data masking
Data obfuscation
Data transference
Data masking
Data masking is a data protection approach that obfuscates sensitive data by substituting it with a different value (“dummy” value), available to unauthorized users
SAN storage security often implements the concept of __________, which allows segmentation of data by classifications and restriction of that data by device.
masking
encryption
zones
zones
Storage area network (SAN) storage security often implements the concept of zones, which allows segmentation of data by classifications and restriction of that data by device
Barbara needs to destroy a set of sensitive printed documents. Her management tasks her to find the most secure solution, as shredding is not up to standard. Which of the following is the best option?
Degaussing
Pulverizing
Washing
Pulverizing
Of the options presented, pulverizing, which would reduce the printed documents to dust, is the best option
You have been tasked by your manager with performing an evaluation of the benefits of using virtualization in your quality assurance (QA) testing environment. Which of the following is an advantage of using virtual machines in terms of security and cost efficiency?
It reduces the need to install operating system software updates.
Multiple operating systems can be installed and run in their own separate, secure area on a single hardware device.
Antivirus and other security software must be installed only once.
Multiple operating systems can be installed and run in their own separate, secure area on a single hardware device.
Virtual machines all run in their own separate and isolated area on the system as if they were each on a separate physical machine. This greatly increases security because any issues arising in one VM will not affect another VM. This also allows multiple operating systems to be installed on the same physical hardware, which saves money by avoiding the need to buy multiple hardware systems
Sam’s manager is fed up with managing the dozens of service providers across the corporate portfolio and tasks Sam with finding the best way to provide a seamless view to the corporation’s users. What is the best option?
Security information and event management (SIEM)
Services integration and management (SIAM)
Managed service provider (MSP)
Services integration and management (SIAM)
Services integration and management (SIAM) providers can be hired to corral the corporation’s entire services chain and manage it for ease of use
As part of your application-hardening process, which of the following activities helps to prevent existing vulnerabilities in applications from being exploited?
Exception handling
Fuzzing
Updating to the latest software version or patch
Updating to the latest software version or patch
Application vendors will release updated software versions of their products or provide a security patch to resolve any security vulnerabilities in previous versions of the software. It is a best practice to always keep your application software up to date
Which of the following is not part of the secure deployment process?
Testing (TEST)
Quality control/quality assurance (QC/QA)
Sandbox (SAND)
Sandbox (SAND)
A sandbox allows for malicious code testing as well as preventing legitimate code from conducting unexpected activities that could cause harm, but it is not part of the secure deployment process
__________ is the design of a database to remove redundancies and improve integrity through simplification of the design.
Normalization
Anonymization
Masking
Normalization
Normalization is the design of a database to remove redundancies and improve integrity through simplifying the design
You are tasked with setting up a single sign-on authentication system for a large enterprise network of 5000 users. Which of the following is the best option?
Local login and password database
Login and password with a security token
Authenticated access to an LDAP database
Authenticated access to an LDAP database
An LDAP server provides a centralized directory that can be used to securely authenticate a user to multiple services on the same network. This is the most efficient and secure method for a large network of 5000 users. Other methods would require tedious configuration and management of each individual user
Bobby is tasked with creating a high-security authentication system for physical access control to a military installation. Which of the following authentication systems would be most appropriate?
Smart card and PIN
Security badge and guard
Biometric eye scanner
Smart card and PIN
Of the examples, the smart card (something you have) and the PIN (something you know) combine as a multifactor authentication solution that is more robust than single-factor solutions
A web services provider wants to improve its security through the implementation of two-factor authentication. What would be the most likely authentication method?
TOTP
SIEM
TACACS
TOTP
Time-based One-time Passwords (TOTPs) allow users to log in to a system with a username and password combination and then a one-time token, usually generated from a separate device
After a user is identified and authenticated to the system, what else must be performed to enable the user to use a resource?
Authorization
Authentication by token
Encryption of network access
Authorization
Although a user has been given access to log in to the network, the user still needs to be authorized to use a particular resource based on access permissions