CH 14 - Security Architecture & Design Flashcards

1
Q

Which of the security triad properties does the Biba security model relate to?

A. Confidentiality
B. Integrity
C. Availability
D. All of them

A

B.
Integrity

2
Q

How many tiers are there in an n‐tier application design?

A. Two
B. Three
C. Four
D. Depends on the application

A

D.
Depends on the application

3
Q

What type of database may JSON be most likely to represent?

A. Relational
B. SQL
C. Key‐value
D. Document‐based

A

C.
Key‐value

4
Q

How many functions are specified by NIST’s cybersecurity framework?

A. None
B. Three
C. Five
D. Four

A

C.
Five

5
Q

How many steps are there in the ISO 27001 cycle?

A. Two
B. Three
C. Four
D. Five

A

C.
Four

6
Q

What is the highest level of classification used by the U.S. government?

A. Top secret
B. Confidential
C. Restricted
D. Eyes only

A

A.
Top secret

7
Q

Which of these is microservices a specific implementation of?

A. Service object architecture
B. Micro Channel architecture
C. Microservices architecture
D. Service‐oriented architecture

A

D.
Service‐oriented architecture

8
Q

What is an application referred to if it is only using AWS Lambda functions?

A. Service‐oriented
B. Virtualized
C. Serverless
D. Infrastructure as a service

A

C.
Serverless

9
Q

What does the Clark–Wilson model use to refer to objects?

A. UTI and CDI
B. CDI and CTI
C. UDI and CDI
D. UTI and UDI

A

C.
UDI and CDI

10
Q

What type of application virtualization would you use without going all the way to using a hypervisor?

A. Emulation
B. AWS
C. Paravirtualization
D. Containers

A

D.
Containers

11
Q

What is the first function specified by NIST in its Cybersecurity Framework?

A. Identify
B. Protect
C. Risk management
D. Defend

A

A.
Identify

12
Q

What is a common middle tier in an n‐tier application design?

A. Web server
B. Database server
C. Logic server
D. Application server

A

D.
Application server

13
Q

What is a common open source relational database server that may be used in web applications?

A. MongoDB
B. MySQL
C. SQL
D. Oracle

A

B.
MySQL

14
Q

Which of the following is true about the Bell–LaPadula Simple Security Property?

A. A subject cannot write up to an object.
B. A subject cannot write down to an object.
C. A subject cannot read up to an object.
D. A subject cannot read down to an object.

A

C.
A subject cannot read up to an object.

15
Q

What are the phases of the ISO 27001 cycle?

A. Plan, Identify, Act, Detect
B. Plan, Detect, Act, Do
C. Act, Do, Identify, Play
D. Plan, Do, Check, Act

A

D.
Plan, Do, Check, Act

16
Q

What is an essential element of a zero‐trust architecture?

A. Cloud‐based applications
B. Multifactor authentication
C. Virtual private networks
D. Virtual desktop interfaces

A

B.
Multifactor authentication

17
Q

What type of processing does serverless computing typically use?

A. Parallel
B. Procedural
C. Event‐driven
D. Functional

A

C.
Event‐driven

18
Q

Which of these would be the best approach to implementing multifactor authentication in a zero‐trust model?

A. SMS
B. Push‐based approval
C. Username / password
D. OTP

A

D.
OTP

19
Q

What is the Cyber Kill Chain used for?

A. Identifying attackers
B. Defining monitoring actions
C. Describing an attack process
D. Developing command and control systems

A

C.
Describing an attack process

20
Q

What software may be helpful in keeping workstations protected in a zero‐trust design if they are not directly on the enterprise network?

A. Syslog
B. EDR
C. SAP
D. SCCM

A

B.
EDR