Architecture and Design Flashcards
What is the primary reason nicknames are not allowed in naming conventions?
They do not properly identify the user and make the user's actions more anonymous and less auditable.
What is a honeynet?
It is a group of honeypots that mimic the functionality of a network. Once the honeynet has been penetrated by the attacker, administrators can observe the actions and gather information on the event.
What is a honeypot?
It is a server that is intentionally left open or available, so that an attacker will be drawn to it rather than to a live network.
What is a mantrap?
A mantrap is a physical security control designed to control access to secure areas. Mantraps provide the capability to lock a single person in an area if needed.
What is a cold site?
A cold site is an alternate location where a network can be rebuilt after a disaster has occurred. A cold site can take some time to implement, as systems and assets (including data) are not readily configured and available for full use.
What is a warm site?
A warm site is a dormant alternate location, or a location that performs noncritical functions under normal conditions, but can be rapidly converted to a main operations site with minimal effort.
What is a hot site?
A hot site is a fully configured alternate network that can be quickly brought online after a disaster. With a hot site, systems and data are usually up-to-date.
What is a standard naming convention?
A standard naming convention is a defined set of rules for choosing the character sequence to be used for identification in coding. A standard naming convention reduces the effort in code reviews and reduces programming errors.
What is Code signing?
Code signing is a certificate-based digital signature to sign executables. It proves authentication and integrity but is not applicable to this situation.
What is a Hardware Security Module (HSM)?
A Hardware Security Module (HSM) is a device used to generate, maintain and store cryptographic keys. It can be an external device and can easily be added to a system. The HSM will maintain the integrity of the key.
What is a Trusted Platform Module (TPM)?
A TPM is a hardware-based encryption solution that is embedded in the system and provides secure key storage for full disk encryption.
What is a hardware root of trust?
A hardware root of trust is a known secure starting point established by embedding a private key in the system. The key remains private until the public key is matched.
What is “data at rest”?
Data at rest means that the data is in some sort of persistent storage media. Examples of data include financial information stored in databases, archived audiovisual media, system configuration data, etc.
What is “data in transit”?
Data in transit is data that is being transmitted over a network. The data can be sent over the WAN to its final location through a VPN.
What is “data in use” state?
Data in use is present in volatile memory, such as system RAM or CPU cache. Examples of this type of data are an open document in a word processing application or database data that is currently being modified.
What is Tokenization?
Tokenization is a database de-identification method where all or part of the data in a field is substituted with a randomly generated token. The token is stored with the original value, separate from the production database.
What does Data sovereignty describe?
Data sovereignty describes the sociopolitical outlook of a nation concerning computing technology and information.
Some nations may respect data privacy more or less than others. Care needs to be considered when storing such data.
How many characters are in an MD5 hash?
32
What is a Software Defined Network (SDN)?
It separates data and control planes in a network. It uses virtualization to route traffic to its intended destination, instead of using proprietary hardware.
What is edge computing?
It’s a distributed model that is accomplished at or near the source of the data where it is needed. These devices perform early processing of data to and from edge devices to enable prioritization.
What is Fog computing?
Fog computing is the placement of a node or nodes for processing resources close to the physical location of Internet of things (IoT) sensors.
The fog node prioritizes traffic, analyzes and remediates conditions, and backhauls remaining data to the data center for storage and analysis.
What is Virtualization sprawl?
Virtualization sprawl is a phenomenon that occurs when the number of VMs on a network reaches a point where the administrator can no longer manage them effectively.
What is Type 1 hypervisor?
Type 1 hypervisors run directly on system hardware. They do not require operating system involvement.
What does Platform as a Service (PaaS) provide?
Platform as a Service (PaaS) provides pre-configured environments for developing and managing environments. The service provides on-demand computing.
What is Elasticity?
Elasticity is the ability to resize an environment based on the load. Elasticity is a part of virtualization and can reduce costs. A user can increase or decrease resources as necessary. It is commonly used with cloud technologies.
What do Integrity measurements do? (network)
Integrity measurements are done to identify baseline deviations.
Automated tools continuously monitor the system for any baseline changes. If changes are found, Group Policy will force the system back to its original state.
What is Continuous deployment?
Continuous deployment is the process of delivering software to a production environment using automation, which reduces the software development lifecycle.
What is Continuous delivery?
Continuous delivery is an agile software engineering approach that allows for the building, testing, and releasing of software with greater speed and frequency.
This provides the customer a continuous product.
What is Continuous integration?
Continuous integration is the process of merging code changes into a central repository where the software is then built and tested on a continuous basis in development.
What is DevSecOps?
DevSecOps is an agile-like process that continually focuses on security. It also demands continuous interaction between stakeholders but keeps security as a focus throughout the development.
What is Normalization in databases?
Normalization is used to optimize database performance by removing duplicates, using primary keys, and keeping related data in separate tables.
What is Server-Side Validation?
Server-side validations occur on the web server or back-end and take more time to complete. Validation on the server side is more secure than client-side validation.
What does Version Control do?
Version control tracks the versions of software in real-time. It will record who has accessed the code, and what was changed. Version Control also allows for rollback if necessary.
What is Change management?
Change management is a process that follows a change to a system from identification to implementation. It is used for controlled identification and implementation of required changes within a computer system.
What is Provisioning?
Provisioning is the process of procuring, configuring, and making available an application or system on certain services. Provisioning an application allows it to run on its intended platform.
What is Security Automation?
As new code is introduced to an application, security testing is important to check for bugs and vulnerabilities. Automating security testing ensures defects are not introduced in systems.
What are the steps of the Software Development Life Cycle (SDLC) of a project?
The software development lifecycle (SDLC) of a project consists of the following attributes: defining requirements, design, implementation, verification, and maintenance.
What is Model verification?
Model verification is testing to ensure the software meets the customer's functional and physical requirements.