Architecture And Design Flashcards

1
Q

What are the three main goals of information security?

A
  • Confidentiality
  • Integrity
  • Availability
2
Q

_______ prevents unauthorized disclosure.

A

Confidentiality

3
Q

_______ prevents unauthorized alteration.

A

Integrity

4
Q

_______ ensures authorized access.

A

Availability

5
Q

Security activities must be aligned with…

  • Business Strategy
  • Mission
  • Goals
  • Objectives

(T/F)?

A

True!

6
Q

What kind of planning is required with the alignment of security activities?

A
  • Strategic
  • Tactical
  • Operational
7
Q

Security _______ provide templates for security activities.

A

Frameworks

8
Q

COBIT, NIST, CSF, and ISO 27001/2 are examples of security frameworks (T/F)?

A

True!

9
Q

Due _____ is taking reasonable steps to protect the interest of the organization.

A

Care

10
Q

Due _______ ensures those steps are carried out.

A

Diligence

11
Q

What four things carry out security governance?

A
  • Policies
  • Standards
  • Procedures
  • Guidelines
12
Q

This Security Governance…

States high-level objectives; compliance is MANDATORY.

A

Policies

13
Q

This Security Governance…

States detailed technical requirements; compliance is MANDATORY.

A

Standards

14
Q

This Security Governance…

Provides step-by-step processes; compliance is MANDATORY.

A

Procedures

15
Q

This Security Governance…

Offers advice and best practices; compliance is OPTIONAL.

A

Guidelines

16
Q

Security baselines, such as NIST SP800-53, provide a standardized set of controls that an organization may use as a benchmark (T/F)?

A

True!

17
Q

An organization would typically adopt a baseline standard wholesale (T/F)?

A

False!

  • They would tailor a baseline to meet their specific security requirements instead.
18
Q

What does the principle of defense-in-depth say?

A

Organizations should use a variety of overlapping security controls to protect against the failure of a single control.

19
Q

When designing overlapping controls, strive for _______ of vendors and control types.

A

Diversity

20
Q

What are the three most common zones that firewall deployment topologies use?

A
  • a trusted intranet
  • an untrusted Internet
  • a demilitarized zone (DMZ)

These networks are often created using a triple-homed firewall.
21
Q

When managing the security of a system, what operating system security principles do you have to keep in mind?

A
  • Disable unnecessary services and applications.
  • Close unneeded network ports.
  • Disable default accounts and passwords.
  • Apply all security patches.
22
Q

When developing new systems, organizations move them through a four-stage process using different environments. What are they?

A
  1. Development - environments where developers create and modify the system.
  2. Test - environments where the system is tested. If flaws are discovered, it is returned to development.
  3. Staging - environments are where approved code is placed, awaiting release to production.
  4. Production - environments contain systems that are currently serving customer needs.
23
Q

The _________ model of software development is fairly rigid, allowing the process to return only to the previous step.

A

Waterfall

24
Q

The ________ model uses a more iterative approach:

  1. Determine Objectives
  2. Identify & resolve risks
  3. Development & Test
  4. Plan the next iteration
A

Spiral

25
Q

Which approach uses a process that values:

  • Individuals & Interactions INSTEAD of processes & tools.
  • Working Software INSTEAD of Comprehensive Documentation.
  • Customer Collaboration INSTEAD of Contract Negotiation.
  • Responding To Change INSTEAD of following a plan.
A

Agile approach

26
Q

In ______ environments many guest systems run on a single piece of hardware.

A

Virtualized

27
Q

The hypervisor is responsible for separating resources used by different guests (T/F)?

A

True!

28
Q

Type ___ hypervisors run directly on the “bare metal.”

A

1

29
Q

Type ___ hypervisors run on a host operating system.

A

2

30
Q

__________ virtualization virtualizes individual software apps instead of entire operating systems.

A

Application

31
Q

When deploying services in the cloud, what THREE major cloud strategies can organizations choose from?

A
  • Software-as-a-Service (SaaS)
  • Infrastructure-as-a-Service (IaaS)
  • Platform-as-a-Service (PaaS)
32
Q

This cloud storage…

Deploys entire applications to the cloud. The customer is only responsible for supplying data and manipulating the application.

A

SaaS

• Software-as-a-Service

33
Q

This cloud storage…

Sells basic building blocks, such as servers and storage. The customer manages the operating system and configures and installs software.

A

IaaS

• Infrastructure-as-a-Service

34
Q

This cloud storage…

Provides the customer with a managed environment to run their own software without concern for the underlying hardware.

A

PaaS

• Platform-as-a-Service

35
Q

Cloud services may be built and/or purchased in several forms. What are they?

A
  • Public Cloud
  • Private Cloud
  • Hybrid Cloud
  • Community Cloud
36
Q

What is a public cloud?

A

Providers sell services to many different customers and many customers may share the same physical hardware.

37
Q

What is a Private Cloud?

A

Environments dedicate hardware to a single user.

38
Q

What is a Hybrid Cloud?

A

Environments combine elements of public cloud but with access restricted to a specific set of customers.

39
Q

What is a Community Cloud?

A

Environments use a model similar to the public cloud but with access restricted to a specific set of customers.

40
Q

When managing the physical environment, you should be familiar with common power issues (T/F)?

A

True

41
Q

Fires require the combination of _____, _____, and _____.

A
  • Heat
  • Oxygen
  • Fuel
42
Q

How many classes of fires are there?

A
  • Class A
  • Class B
  • Class C
  • Class D
43
Q

What types of fires are in each class level (A, B, C, and D)?

A
  • Class A: Common combustible fires.
  • Class B: Liquid fires
  • Class C: Electrical fires
  • Class D: Metal fires.
44
Q

____ pipe fire suppression systems always contain water.

A

Wet

45
Q

____ pipe systems only fill with water when activated.

A

Dry

46
Q

______ systems fill the pipes at the first sign of fire detection.

A

Preaction

47
Q

Mantraps use a set of double doors to restrict physical access to a facility (T/F)?

A

True!

48
Q

What manages cooling by aligning data centers so that the front of one row of servers faces the front of the adjacent row (cold aisle) and the backs of servers also face each other (hot aisle)?

A

Hot and cold aisle

49
Q

In this type of testing…

The people have full knowledge of the software.

A

White Box Test

50
Q

In this type of testing…

The people have no knowledge.

A

Black Box Test

51
Q

In this type of testing…

The people have partial knowledge.

A

Grey Box Test

52
Q

What are the top 10 security vulnerabilities in web applications, according to OWASP?

A
  1. Injection attacks
  2. Broken authentication
  3. Sensitive data exposure
  4. XML external entities
  5. Broken access control
  6. Security misconfiguration
  7. Cross-site scripting
  8. Insecure deserialisation
  9. Using components with known vulnerabilities.
  10. Insufficient logging and monitoring.
53
Q

In addition to maintaining current and patched platforms, one of the most effective application security techniques is input validation (T/F)?

A

True!

54
Q

What is Input Validation?

A

Ensures that user input matches the expected pattern before using it in code.

55
Q

What is an immutable system?

A

The environment in which an application runs, with no changes to the system. If the system must change, a new system is deployed for the application.

56
Q

What is Baselining?

A

Involves making sure that systems meet a hardened baseline of software and configuration settings. This ensures that the application is running in a secure state.

57
Q

Match the physical security controls with their use…

___ Used as a physical barrier
___ Used to open a door
___ Used to prevent overheating
___ Used to identify changes in thermal heat

A - Biometric Reader
B - Hot & Cold Aisles
C - Bollards
D - Infrared Detectors

A

C - Used as a physical barrier
A - Used to open a door
B - Used to prevent overheating
D - Used to identify changes in thermal heat