Architecture and Design Flashcards
Which of the following allows the deployment of a publicly accessible web server without compromising the security of the private network?
Intranet
DMZ
Extranet
DMZ
A DMZ provides a network segment where publicly accessible servers can be deployed without compromising the security of the private network
An organization has a high-speed fiber Internet connection that it uses for most of its daily operations, as well as its offsite backup operations. This represents what security problem?
Single point of failure
Redundant connections
Backup generator
Single point of failure
Having only a single high-speed fiber Internet connection represents the security problem of a single point of failure
A security template can be used to perform all but which of the following tasks?
Capture the security configuration of a master system
Apply security settings to a target system
Return a target system to its precompromised state
Return a target system to its precompromised state
A security template alone cannot return a system to its precompromised state
What technique or method can be employed by hackers and researchers to discover unknown flaws or errors in software?
Dictionary attacks
Fuzzing
War dialing
Fuzzing
Fuzzing is a software-testing technique that generates input for targeted programs. The goal of fuzzing is to discover input sets that cause errors, failures, and crashes, or to discover other unknown defects in the targeted program
What is a security risk of an embedded system that is not commonly found in a standard PC?
Power loss
Access to the Internet
Control of a mechanism in the physical world
Control of a mechanism in the physical world
Because an embedded system is in control of a mechanism in the physical world, a security breach could cause harm to people and property. This typically is not true of a standard PC. Power loss, Internet access, and software flaws are security risks of both embedded systems and standard PCs
To ensure that whole-drive encryption provides the best security possible, which of the following should not be performed?
Screen lock the system overnight.
Require a boot password to unlock the drive.
Lock the system in a safe when it is not in use.
Screen lock the system overnight.
An attacker can steal the encryption key from memory, so systems with whole-drive encryption that are only screen-locked are vulnerable. Requiring a boot password, locking the system in a safe, and powering down preserve the protection of whole-drive encryption
In order to avoid creating a monolithic security structure, organizations should adopt a wide range of security mechanisms. This concept is known as _______.
Defense in depth
Control diversity
Intranet buffering
Control diversity
Control diversity is essential in order to avoid a monolithic security structure. Do not depend on a single form or type of security; instead, integrate a variety of security mechanisms into the layers of defense
When offering a resource to public users, what means of deployment provides the most protection for a private network?
Wireless
Honeynet
DMZ
DMZ
A demilitarized zone (DMZ) is a special-purpose subnet. A DMZ is an area of a network that is designed specifically for public users to access. If the DMZ (as a whole or as individual systems within the DMZ) is compromised, the private LAN isn’t necessarily affected or compromised
When you are implementing a security monitoring system, what element is deployed in order to detect and record activities and events?
Correlation engine
Tap
Sensor
Sensor
A sensor is a hardware or software tool used to monitor an activity or event in order to record information or at least take notice of an occurrence
When an enterprise is using numerous guest OSs to operate their primary business operations, what tool or technique can be used to enable communications between guest OSs hosted on different server hardware but keep those communications distinct from standard subnet communications?
VPN
SDN
EMP
SDN
Software-defined networking (SDN) is a unique approach to network operation, design, and management. A virtualized network or network virtualization is the combination of hardware and software networking components into a single integrated entity. SDN offers a new network design that is directly programmable from a central location, is flexible, is vendor neutral, and is open standards–based. Another way of thinking about SDN is that it is effectively network virtualization. It allows data transmission paths, communication decision trees, and flow control to be virtualized in the SDN control layer rather than being handled on the hardware on a per-device basis
What type of OS is designed for public end-user access and is locked down so that only preauthorized software products and functions are enabled?
Kiosk
Appliance
Mobile
Kiosk
A kiosk OS is either a stand-alone OS or a variation of an NOS. A kiosk OS is designed for end-user use and access. The end user might be an employee of an organization or might be anyone from the general public. A kiosk OS is locked down so that only preauthorized software products and functions are enabled
When you need to test new software whose origin and supply chain are unknown or untrusted, what tool can you use to minimize the risk to your network or workstation?
Hardware security module
UEFI
Sandboxing
Sandboxing
Sandboxing is a means of quarantine or isolation. It’s implemented to restrict new or otherwise suspicious software from being able to cause harm to production systems. It can be used against applications or entire OSs
What is the concept of a computer implemented as part of a larger system that is typically designed around a limited set of specific functions (such as management, monitoring, and control) in relation to the larger product of which it’s a component?
Application appliance
SoC
Embedded system
Embedded system
An embedded system is a computer implemented as part of a larger system. The embedded system is typically designed around a limited set of specific functions in relation to the larger product of which it’s a component. It may consist of the same components found in a typical computer system, or it may be a microcontroller
What is an industrial control system (ICS) that provides computer management and control over industrial processes and machines?
SCADA
HSM
OCSP
SCADA
Supervisory control and data acquisition (SCADA) is a type of industrial control system (ICS). An ICS is a form of computer management device that controls industrial processes and machines. SCADA is used across many industries, including manufacturing, fabrication, electricity generation and distribution, water distribution, sewage processing, and oil refining. A SCADA system can operate as a stand-alone device, be networked together with other SCADA systems, or be networked with traditional IT systems
Which SDLC model is based around adaptive development where focusing on a working product and fulfilling customer needs is prioritized over rigid adherence to a process, use of specific tools, and detailed documentation?
Waterfall
Agile
Spiral
Agile
Agile is based around adaptive development, where focusing on a working product and fulfilling customer needs is prioritized over rigid adherence to a process, use of specific tools, and detailed documentation. Agile focuses on an adaptive approach to development, supports early delivery, and provides continuous improvement, along with flexible and prompt response to changes
When an organization wishes to automate many elements and functions of IT management, such as development, operations, security, and quality assurance, they are likely to be implementing which of the following?
SCADA
UTM
DevOps
DevOps
DevOps, or development and operations, is a new IT movement where many elements and functions of IT management are being integrated into a single automated solution. DevOps typically consists of IT development, operations, security, and quality assurance
What is not a cloud security benefit or protection?
CASB
SECaaS
VM sprawl
VM sprawl
VM sprawl occurs when an organization deploys numerous virtual machines without an overarching IT management or security plan in place. Although VMs are easy to create and clone, they have the same licensing and security management requirements as an OS installed on bare metal. Uncontrolled VM creation can quickly lead to a situation where manual oversight is unable to keep up with system demand
What form of cloud service provides the customer with the ability to run their own custom code but does not require that they manage the execution environment or operating system?
SaaS
PaaS
IaaS
PaaS
Platform as a service (PaaS) is the concept of providing a computing platform and software solution stack to a virtual or cloud-based service. Essentially, it involves paying for a service that provides all the aspects of a platform (that is, OS and complete solution package). A PaaS solution grants the customer the ability to run custom code of their choosing without needing to manage the environment
What recovery mechanism is used to return a system back to a previously operating condition when a new software install corrupts the operating system?
Revert to known state
Roll back to known configuration
Live boot media
Revert to known state
Revert to known state is a type of backup or recovery process. Many databases support a known state reversion in order to return to a state of data before edits or changes were implemented. Some systems will automatically create a copy of a known state in order to provide a rollback option, whereas others may require a manual creation of the rollback point
What type of security mechanism can be used to prevent a vehicle from damaging a facility?
Fencing
Lighting
Bollard
Bollard
Barricades, in addition to fencing (discussed earlier), are used to control both foot traffic and vehicles. K-rails (often seen during road construction), large planters, zigzag queues, bollards, and tire shredders are all examples of barricades. When used properly, they can control crowds and prevent vehicles from being used to cause damage to your building