Architecture & Design Flashcards

Question 1

Q

Penalty Types

Answer

A

Criminal
Civil
Administrative
Private Regulations

Question 2

Q

Sources of Industry Standards

Answer

A

Vendors
Government Agencies
Independent/Consulting Agencies

Question 3

Q

Define Defense in Depth

Answer

A

Multiple layers of overlapping security controls

Question 4

Q

Security Control Types by Method

Answer

A

Technical
Administrative
Physical

Question 5

Q

Examples of Technical Controls

Answer

A

DLP Systems
NIDS/NIPS
Firewall

Question 6

Q

Examples of Administrative Controls

Answer

A

Background Investigations
NDAs
Security Training and Awareness

Question 7

Q

Examples of Physical Controls

Answer

A

Fences/Cages
Locks
Smart Cards
Man Traps
Video Surveillance
Bollards
Lighting
Signs

Question 8

Q

Vendor Diversity Issues

Answer

A

Lack of Innovation

Technical Inefficiencies

Question 9

Q

Security Training and Awareness Methods

Answer

A

Classroom
Orientation
Online
Vendor
Surveys
Reminders

Question 10

Q

Information Classification Factors

Answer

A

Sensitivity

Criticality

Question 11

Q

Military Classification System

Answer

A

Top Secret
Secret
Confidential
Unclassified

Question 12

Q

Business Classification

Answer

A

Highly Sensitive
Sensitive
Internal
Public

Question 13

Q

Compliance Obligations

Answer

A

Laws
Regulations
Standards

Question 14

Q

Password Factors

Answer

A

Complexity
Length
History
Minimum age
Expiration

Question 15

Q

Define Tailgating/Piggybacking

Answer

A

Unauthorized access to a facility by following another credentialed user when they enter

Question 16

Q

Security Zones

Answer

A

Intranet
Internet
DMZ
Extranets
Honeynets
Ad Hoc
MANET
WIFI Direct

Question 17

Q

Define Intranet

Answer

A

Companies internal network

Question 18

Q

Define Internet

Answer

A

Public external network

Question 19

Q

Define DMZ

Answer

A

Demilitarized Zone, typically an organizations public facing assets separated from internal assets for security purposes

Question 20

Q

Define Extranets

Answer

A

Shared networks between separate organizations

Question 21

Q

Define Honeynets

Answer

A

Decoy networks for gaining threat intelligence on attackers

Question 22

Q

Define Ad Hoc Networks

Answer

A

Temporary networks for specific usage

Question 23

Q

Private IP Address Ranges

Answer

A

0.0.1-10.255.255.255
16.0.1-172.31.255.255
168.0.1-192.168.255.255

Question 24

Q

Define Static NAT

Answer

A

Translate private to public IP addresses (or visa versa) on a one-to-one basis

Question 25

Q

Define Dynamic NAT

Answer

A

Translate private to public IP addresses (or visa versa) over multiple public and/or private addresses

Question 26

Q

Define PAT

Answer

A

Port Address Translation, allows systems to share a public IP address over ports

Question 27

Q

Convert 192.168.1.0/24 to Subnet Mask Notation

Answer

A

IP Address 192.168.1.0

Subnet Mask 255.255.255.0

Question 28

Q

Define SDN

Answer

A

Software Defined Networking

Question 29

Q

SDN Layers

Answer

A

Application Layer
Control Layer
Physical Layer

Question 30

Q

Database Encryption Types at Rest

Answer

A

HSM
TPM
SED

Question 31

Q

UEFI Features

Answer

A

Secure Boot
Remote Attestation
Hardware Root of Trust

Question 32

Q

Software Deployment Environments

Answer

A

Developer
Test
Staging
Production

Question 33

Q

Embedded Systems Benefits

Answer

A

Cost
Size
Manageability

Question 34

Q

ICS Types

Answer

A

SCADA
DCS
PLC

Question 35

Q

Define ICS

Answer

A

Industrial Control Systems

Question 36

Q

Define SCADA

Answer

A

Supervisory Control and Data Acquisition; remote monitoring, telemetry, and report back

Question 37

Q

Define DCS

Answer

A

Distributed Control Systems; process control

Question 38

Q

Define PLC

Answer

A

Programmable Logic Controller; specialized input/output for human interaction

Question 39

Q

Define IoT

Answer

A

Internet of Things; smart tech for general consumer goods

Question 40

Q

IoT Protection Methods

Answer

A

Firmware Updates
Security Wrappers
Segmentation
Air Gap
Application Firewalls

Question 41

Q

Define Air Gap

Answer

A

Networks with no external network connection

Question 42

Q

Development Methodologies

Answer

A

Waterfall
Spiral
Agile

Question 43

Q

Explain the Waterfall Model

Answer

A

Rigid step based process

Question 44

Q

Explain the Spiral Model

Answer

A

Phased approach; Determine requirements, risks, begin, develop and test

Question 45

Q

Explain the Agile Model

Answer

A

Flexible approach for external input integration

Question 46

Q

Software Capitalization Maturity Model

Answer

A

Initial
Repeatable
Defined
Managed
Optimizing

Question 47

Q

IDEAL Model

Answer

A

Initializing
Diagnosing
Establishing
Action
Learning

Question 48

Q

Purpose of Code Repositories

Answer

A

Store code
Coordination
Version Control
Code Reuse
Avoid Dead Code

Question 49

Q

Code Signing Process

Answer

A

Obtain Digital Certificate
Assign key to code
OS verifies hash of code with CA

Question 50

Q

Software Testing Types

Answer

A

Stress test
UAT
Regression Testing

Question 51

Q

Define Software Stress Testing

Answer

A

Testing using automated scripts for multiple and/or simultaneous input validation

Question 52

Q

Define UAT

Answer

A

User Acceptance Testing, also referred to as “Beta testing”

Question 53

Q

Define Regression Testing

Answer

A

Correctional bug fixes

Checking for accidental changes

Question 54

Q

Fagen Inspection Steps

Answer

A

Planning
Overview
Preparation
Meeting
Rework
Follow Up

Question 55

Q

Define Static Software Testing

Answer

A

Examine code for common errors without executing script

Question 56

Q

Define Dynamic Software Testing

Answer

A

Execute code with provided inputs

Question 57

Q

Define Fuzzing

Answer

A

Expose security problems by providing invalid, unexpected, or random data inputs

Question 58

Q

Fuzzing Input Methods

Answer

A

Developer supplied
Script Generation
Mutation testing

Question 59

Q

Code Execution Types

Answer

A

Interpreted

Compiled

Question 60

Q

Define Interpreted Code

Answer

A

Code executed as written

Question 61

Q

Define Compiled Code

Answer

A

Code compiled into an executable file

Question 62

Q

Types of Hypervisors

Answer

A

Type 1; “Bare Metal”

Type 2; OS

Question 63

Q

Virtual Machine Security Concerns

Answer

A

VM Sprawl

VM Escape

Question 64

Q

Cloud Computing Models

Answer

A

Private
Public
Hybrid

Answer 65

A

SaaS
IaaS
PaaS

Answer 66

A

Applications
OS
Hardware
Data Center

Answer 67

A

OS
Hardware
Data Center

Answer 68

A

Hardware

Data Center

Answer 69

A

Encryption

Access Controls

Answer 70

A

Cloud Access Security Broker

Answer 71

A

Network Based; intercept (Forward/Reverse Proxy)

API Based; monitor

Answer 72

A

Virtual Desktop Infrastructure

Answer 73

A

Data Centers
Server Rooms
Media Storage
Wiring Closets
Operation Centers

Answer 74

A

64.4-86 F

Answer 75

A

41.9-50.0 F (40-60% humidity)

Answer 76

A

Air flow:
Intake cold air to servers
Exhaust back end

Answer 77

A

Heat
Fuel
Oxygen

Answer 78

A

A, B, C, D, K

Answer 79

A

Combustibles

Answer 80

A

Petroleum Based Products

Answer 81

A

Electrical

Answer 82

A

Grease, cooking oils

Answer 83

A

Wet Pipe Systems
Dry Pipe Systems
Chemical Suppressants

Answer 84

A

Electromagnet Interference

Answer 85

A

Faraday Cage
Protective Distribution Systems (PDS)
Ethernet port locking devices
Encryption (may bog down infrastructure)

Answer 86

A

Deterrent
Preventative
Detective
Corrective

Answer 87

A

Encryption

Asset Tracking

Answer 88

A

Confidentiality; sanitization of no longer used resources

Answer 89

A

Mobile Ad Hoc Network

Answer 90

A

Application Programming Interface Cloud Access Security Broker;
out-of-band solution which improves network performance but reduces CASB response time

Answer 91

A

NIST
CIS Control
COBIT
FedRAMP
COPPA

Answer 92

A

Basel III
PCI-DSS
HIPAA
FISMA
GLBA

Answer 93

A

International Financial Institutions

Answer 94

A

Payment Card Industry Data Security Standard; Credit Cards

Answer 95

A

Health Insurance Portability and Accountability Act; healthcare PHI

Answer 96

A

Federal Information Security Modernization Act; Government and Disaster Relief

Answer 97

A

Gramm-Leach-Bliley Act; United States Financial Institutions

Answer 98

A

Federal Risk and Authorization Management Program; Cloud services across executive departments and agencies

Answer 99

A

Children’s Online Privacy Protection Act; online privacy of children under 13 in the USA

Answer 100

A

Center for Internet Security Controls; IoT security

Answer 101

A

National Institute of Standards and Technology; generic cyber security risk mitigation

Answer 102

A

Control Objectives for Information and Related Technologies; business process related to technology and quality control of information

Answer 103

A

Regular Snapshots
Harden VM image (i.e. reduce attack surface)
Sandboxing

Answer 104

A

Encryption and Decryption of data should be distributed
Use secure keys to encrypt data of any kind
Encrypted data using old keys should be kept as is
Use multiple encryption standards

Answer 105

A

Warning
Remove access/permissions
Backup
De-provision

Answer 106

A

VM image library
VM life cycle management tools
Limit VM creation permissions

Answer 107

A

Configuration validation using generated reports. Do not create, configure, or publish.

Answer 108

A

Improve performance

Data redundancy

Answer 109

A

Flexible OS support

Flexible web browsers support

Answer 110

A

Faster performance

More secure

Answer 111

A

Bluetooth

Firmware

Answer 112

A

Monitor network for breaches
Take immediate action to overcome breaches
Update security policies on multiple servers

Answer 113

A

UTP (Shortest lengths and least resistant to EMI, $)
STP
Coaxial
Fiber Optic (Longest lengths and most resistant to EMI, $$$)

Answer 114

A

NAT
NAT Network
Bridged Adapter
Internal Network
Host-Only Network

Answer 115

A

VM can communicate to the internet via the host

Each guest has it’s own separate network

Answer 116

A

VM can communicate to the internet and other VMs on host network

Answer 117

A

VM share host’s network adapter and participate directly with host’s network. DHCP is controlled by host’s network.

Answer 118

A

VMs can only communicate with each other

Answer 119

A

VMs can only communicate with host and each other

Answer 120

A

IT Projects managed outside of or without the knowledge of the IT department

Answer 121

A

Protect system and data from unauthorized access

Answer 122

A

Assess vendors hardware and software supply chain for availability and risks

Answer 123

A

Purchasing more machines to distribute the load

Answer 124

A

Awareness

Management support

Answer 125

A

Fence
Cage
Firewall
Border Router
IDS
IPS

Answer 126

A

Antivirus
Cable lock
System hardening

Answer 127

A

Provide optimal control over coherence, security, accuracy, and comprehensibility during SDLC

Answer 128

A

No Default authentication
No Default Access Controls
Most do not use encryption at rest or in transit
*Less susceptible to SQL injection

Answer 129

A

Host system auditing capabilities

Answer 130

A

Transfers an attacker into simulated, safe environment where no critical data is stored

Answer 131

A

Apply and test in lab environment
Deploy to a set of systems (i.e. a department)
Deploy system-wide

Answer 132

A

WSUS

Group Policy

Answer 133

A

Encrypts entire hard drive

Answer 134

A

C:\ volume
Master boot record
*External media will remain unencrypted (i.e. thumb drives)

Answer 135

A

Collection of electronic emissions for eavesdropping

Answer 136

A

Stateless packet filtering
Stateful Circuit-level (layer 5)
Application Level (level 7)

Answer 137

A

IP address

Port number

Answer 138

A

OSI Layer 7
Stops and inspects each packet
Inspects encrypted packets
Examines entire content
Interface with other application layer protocol
Can filter based on user, group, and data
Slowest form of firewall

Answer 139

A

L2TP (employs IPsec)
PPP (uses PAP)
PPTP (uses CHAP)
L2F

Answer 140

A

Connect networks between buildings wirelessly

Answer 141

A

WiMAX implementation of IEEE committee for metropolitan WAN

Answer 142

A

Remote Access Service; enables users to remotely dial in to a server

Answer 143

A

Server consolidation
Migrate systems between hardware
Increase utilization of hardware resources
Isolation of systems and applications

Answer 144

A

Compromise of host system or hardware failure could effect multiple guest systems

Answer 145

A

Logical grouping of LANs,
Simplify device moves,
Control broadcast traffic and create collision domains based on logic,
Control security,
Load balance network traffic

Answer 146

A

Routers

Layer 3 Switches

Answer 147

A

Removes individual control planes on networking devices and replaces with a single control plane

Answer 148

A

Facilitates communication between virtual machines by checking data packets before moving them to destination

Answer 149

A

VM support unlimited number of VLAN,
Multiple VLAN can be associated with a single network adapter,
VLAN is dependent on host configuration, OS, and hardware,
Network access depends on OS as a part of the network

Answer 150

A

Distributed resources acting as one federated cooperative storage,
High fault tolerance through redundancy and distribution of data,
Highly durable through creation of versioned copies

Answer 151

A

Contract between two organizations to share resources in the event of a disaster

Brainscape's Knowledge GenomeTM

Architecture & Design Flashcards

Brainscape's Knowledge Genome^TM