Architecture and Design Flashcards

1
Q

Which of the following allows the deployment of a publicly accessible web server without compromising the security of the private network?

Intranet

DMZ

Extranet

A

DMZ

A DMZ provides a network segment where publicly accessible servers can be deployed without compromising the security of the private network

2
Q

An organization has a high-speed fiber Internet connection that it uses for most of its daily operations, as well as its offsite backup operations. This represents what security problem?

Single point of failure

Redundant connections

Backup generator

A

Single point of failure

Having only a single high-speed fiber Internet connection represents the security problem of a single point of failure

3
Q

A security template can be used to perform all but which of the following tasks?

Capture the security configuration of a master system

Apply security settings to a target system

Return a target system to its precompromised state

A

Return a target system to its precompromised state

A security template alone cannot return a system to its precompromised state

4
Q

What technique or method can be employed by hackers and researchers to discover unknown flaws or errors in software?

Dictionary attacks

Fuzzing

War dialing

A

Fuzzing

Fuzzing is a software-testing technique that generates input for targeted programs. The goal of fuzzing is to discover input sets that cause errors, failures, and crashes, or to discover other unknown defects in the targeted program

5
Q

What is a security risk of an embedded system that is not commonly found in a standard PC?

Power loss

Access to the Internet

Control of a mechanism in the physical world

A

Control of a mechanism in the physical world

Because an embedded system is in control of a mechanism in the physical world, a security breach could cause harm to people and property. This typically is not true of a standard PC. Power loss, Internet access, and software flaws are security risks of both embedded systems and standard PCs

6
Q

To ensure that whole-drive encryption provides the best security possible, which of the following should not be performed?

Screen lock the system overnight.

Require a boot password to unlock the drive.

Lock the system in a safe when it is not in use.

A

Screen lock the system overnight.

An attack can steal the encryption key from memory, so systems with whole drive encryption that are only screen-locked are vulnerable. Requiring a boot password, locking the system, and powering down ensure the protection of whole drive encryption

7
Q

In order to avoid creating a monolithic security structure, organizations should adopt a wide range of security mechanisms. This concept is known as _______.

Defense in depth

Control diversity

Intranet buffering

A

Control diversity

Control diversity is essential in order to avoid a monolithic security structure. Do not depend on a single form or type of security; instead, integrate a variety of security mechanisms into the layers of defense

8
Q

When offering a resource to public users, what means of deployment provides the most protection for a private network?

Wireless

Honeynet

DMZ

A

DMZ

A demilitarized zone (DMZ) is a special-purpose subnet. A DMZ is an area of a network that is designed specifically for public users to access. If the DMZ (as a whole or as individual systems within the DMZ) is compromised, the private LAN isn’t necessarily affected or compromised

9
Q

When you are implementing a security monitoring system, what element is deployed in order to detect and record activities and events?

Correlation engine

Tap

Sensor

A

Sensor

A sensor is a hardware or software tool used to monitor an activity or event in order to record information or at least take notice of an occurrence

10
Q

When an enterprise is using numerous guest OSs to operate their primary business operations, what tool or technique can be used to enable communications between guest OSs hosted on different server hardware but keep those communications distinct from standard subnet communications?

VPN

SDN

EMP

A

SDN

Software-defined networking (SDN) is a unique approach to network operation, design, and management. A virtualized network or network virtualization is the combination of hardware and software networking components into a single integrated entity. SDN offers a new network design that is directly programmable from a central location, is flexible, is vendor neutral, and is open standards–based. Another way of thinking about SDN is that it is effectively network virtualization. It allows data transmission paths, communication decision trees, and flow control to be virtualized in the SDN control layer rather than being handled on the hardware on a per-device basis

11
Q

What type of OS is designed for public end-user access and is locked down so that only preauthorized software products and functions are enabled?

Kiosk

Appliance

Mobile

A

Kiosk

A kiosk OS is either a stand-alone OS or a variation of an NOS. A kiosk OS is designed for end-user use and access. The end user might be an employee of an organization or might be anyone from the general public. A kiosk OS is locked down so that only preauthorized software products and functions are enabled

12
Q

When you need to test new software whose origin and supply chain are unknown or untrusted, what tool can you use to minimize the risk to your network or workstation?

Hardware security module

UEFI

Sandboxing

A

Sandboxing

Sandboxing is a means of quarantine or isolation. It’s implemented to restrict new or otherwise suspicious software from being able to cause harm to production systems. It can be used against applications or entire OSs

13
Q

What is the concept of a computer implemented as part of a larger system that is typically designed around a limited set of specific functions (such as management, monitoring, and control) in relation to the larger product of which it’s a component?

Application appliance

SoC

Embedded system

A

Embedded system

An embedded system is a computer implemented as part of a larger system. The embedded system is typically designed around a limited set of specific functions in relation to the larger product of which it’s a component. It may consist of the same components found in a typical computer system, or it may be a microcontroller

14
Q

What is an industrial control system (ICS) that provides computer management and control over industrial processes and machines?

SCADA

HSM

OCSP

A

SCADA

Supervisory control and data acquisition (SCADA) is a type of industrial control system (ICS). An ICS is a form of computer management device that controls industrial processes and machines. SCADA is used across many industries, including manufacturing, fabrication, electricity generation and distribution, water distribution, sewage processing, and oil refining. A SCADA system can operate as a stand-alone device, be networked together with other SCADA systems, or be networked with traditional IT systems

15
Q

Which SDLC model is based around adaptive development where focusing on a working product and fulfilling customer needs is prioritized over rigid adherence to a process, use of specific tools, and detailed documentation?

Waterfall

Agile

Spiral

A

Agile

Agile is based around adaptive development, where focusing on a working product and fulfilling customer needs is prioritized over rigid adherence to a process, use of specific tools, and detailed documentation. Agile focuses on an adaptive approach to development, supports early delivery, and provides continuous improvement, along with flexible and prompt response to changes

16
Q

When an organization wishes to automate many elements and functions of IT management, such as development, operations, security, and quality assurance, they are likely to be implementing which of the following?

SCADA

UTM

DevOps

A

DevOps

DevOps, or development and operations, is a new IT movement where many elements and functions of IT management are being integrated into a single automated solution. DevOps typically consists of IT development, operations, security, and quality assurance

17
Q

What is not a cloud security benefit or protection?

CASB

SECaaS

VM sprawl

A

VM sprawl

VM sprawl occurs when an organization deploys numerous virtual machines without an overarching IT management or security plan in place. Although VMs are easy to create and clone, they have the same licensing and security management requirements as a metal installed OS. Uncontrolled VM creation can quickly lead to a situation where manual oversight is unable to keep up with system demand

18
Q

What form of cloud service provides the customer with the ability to run their own custom code but does not require that they manage the execution environment or operating system?

SaaS

PaaS

IaaS

A

PaaS

Platform as a service (PaaS) is the concept of providing a computing platform and software solution stack to a virtual or cloud-based service. Essentially, it involves paying for a service that provides all the aspects of a platform (that is, OS and complete solution package). A PaaS solution grants the customer the ability to run custom code of their choosing without needing to manage the environment

19
Q

What recovery mechanism is used to return a system back to a previously operating condition when a new software install corrupts the operating system?

Revert to known state

Roll back to known configuration

Live boot media

A

Revert to known state

Revert to known state is a type of backup or recovery process. Many databases support a known state reversion in order to return to a state of data before edits or changes were implemented. Some systems will automatically create a copy of a known state in order to provide a rollback option, whereas others may require a manual creation of the rollback point

20
Q

What type of security mechanism can be used to prevent a vehicle from damaging a facility?

Fencing

Lighting

Bollard

A

Bollard

Barricades, in addition to fencing (discussed earlier), are used to control both foot traffic and vehicles. K-rails (often seen during road construction), large planters, zigzag queues, bollards, and tire shredders are all examples of barricades. When used properly, they can control crowds and prevent vehicles from being used to cause damage to your building