Chapter 2 - Architecture and Design Flashcards

Question

Honeyfiles

Answer 1

A fake file designed to detect attackers who are accessing and potentially removing data from your network

Answer 2

A network or group of honeypots set up with intentional vulnerabilities hosted on a decoy server to attract hackers

Answer 3

An attacker sending malicious data that the machine thinks is benign or not malicious

Answer 4

A DNS that sends out incorrect IP addresses

Answer 5

Model in which computing resources are supplied by a cloud services provider Customer responsible for management and security Customer NOT responsible for physical components, such as computers, networks, or physical security of datacenter Customer has responsibility for software components running on the computing infrastructure such as operating systems, network controls, applications, or protecting data

Answer 6

Used for building, testing, and deploying applications Used for creating application quickly without using managing underlying infrastructure Cloud provider manages hardware and operating systems Customer responsible for applications and data

Answer 7

Hosted and managed by the cloud provider for the customer Least amount of management by cloud customer Cloud provider responsible for managing everything but data, devices, accounts, and identities

Answer 8

A broad description of all cloud models that use any combination of the cloud

Answer 9

Available to everyone over the internet

Answer 10

Several organizations share the same resources

Answer 11

Your own virtualized data center

Answer 12

A mix of public and private

Answer 13

A third-party that offers a cloud computing platform, infrastructure, application, or storage services, usually for a fee

Answer 14

Used as information technology-related support for companies who lack the in-house resources needed to maintain their systems

Answer 15

Provides outsourced monitoring and management of security devices and systems

Answer 16

Applications are on local hardware and your servers are in your data center building

Answer 17

Servers are not in the building and are usually running in a specialized computing environment

Answer 18

The on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user

Answer 19

Helps in filtering important information from the massive amount of data collected from the device and saves it in the cloud by sending the filtered data

Answer 20

Helps devices to get faster results by processing the data simultaneously received from the devices

Answer 21

A simple computer that has been optimized for establishing a remote connection with a server-based computing environment

Answer 22

Portable digital compartments holding a bundle of application files in one runtime environment that live in the cloud

Answer 23

A style of application architecture where a collection of independent services communicate through lightweight APIs

Answer 24

Managing and provisioning of infrastructure through code instead of through manual processes

Answer 25

An approach to network management that enables dynamic, programmatically efficient network configuration

Answer 26

A way to monitor and understand what the traffic flows are for application instances

Answer 27

A way to build and run applications and services without having to manage an operating system Function as a Service (FaaS)

Answer 28

Approach to managing multiple suppliers of services and integrating them to provide a single business-facing IT organization

Answer 29

System rules that specify resources and actions for a particular access feature

Answer 30

A network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks

Answer 31

Process of running many different operating systems on the same hardware

Answer 32

Having a formal process and detailed documentation by having information on every virtual object

Answer 33

Updating software regularly by installing updates and patches the moment they are available

Answer 34

Establish by securing the environment, writing code, and testing in sandboxes

Answer 35

All pieces are put together and are used in functional tests to see if the application works

Answer 36

A copy of the production data is being used for performance tests and usability features Almost ready to roll out

Answer 37

Application is live and rolled out to the user community

Answer 38

Verifies if features are working correctly and validates new functionality

Answer 39

Increase or decrease available resources as the workload changes

Answer 40

Ability to increase the workload in a given infrastructure

Answer 41

Dismantling and removing an application instance

Answer 42

Use old code to build new applications to save time - copy and paste

Answer 43

A section in the source code of a program which is executed but whose result is never used in any other computation

Answer 44

Checks occurring on the server to help protect against malicious users

Answer 45

Ways to dynamically allocate portions of memory to programs at their request, and free it for reuse when no longer needed

Answer 46

Online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security

Answer 47

Computer program that translates computer code written in one programming language into another language

Answer 48

Predetermined/ predicted automated responses

Answer 49

Always checking for a particular event then responding

Answer 50

Automatically validate configuration of a change

Answer 51

Practice of merging all developers' working copies to a shared mainline several times a day

Answer 52

Automate testing process, release process, and deploying the application

Answer 53

Automatically deploy to production with no manual checks

Answer 54

Process of preparing and equipping a network to allow it to provide new services to its users

Answer 55

Check for a secure baseline and see if corrections need to be made

Answer 56

Making sure data is correct and in the right format

Answer 57

A set of SQL statements that limit client interactions to secure data

Answer 58

Make something normally understandable very difficult to understand

Answer 59

End-user's app makes the validation decisions

Answer 60

Extend the functionality of a programming language

Answer 61

A file whose content is in a binary format consisting of a series of sequential bytes, each of which is eight bits in length

Answer 62

Research field about the comprehension and engineering of diversity in the context of software

Answer 63

The practice of tracking and managing changes to software code

Answer 64

A database for all of an organization's usernames, passwords, computers, printers, and other devices

Answer 65

A technology that allows users to access multiple tools, apps, and domains with only one set of credentials

Answer 66

Prove that the hardware is really yours

Answer 67

Temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors

Answer 68

Type of one-time password (OTP) that is generated using a keyed-hash message authentication code (HMAC) - shared secret key

Answer 69

Provide username and password, phone receives an SMS, and the code is inputted into the login form

Answer 70

A key that is unique to a user's session and is protected by an algorithm, which ensures servers can identify a token that has been tampered with and block it

Answer 71

Authentication factors that don't change Example: PIN

Answer 72

Application downloaded that provides pseudo-random token generators that are usually 6 digits

Answer 73

Provide username and password, app sends phone a notification, and the code is inputted into the login form

Answer 74

A call providing authentication code

Answer 75

Hold finger down on scanner

Answer 76

Unique capillary structure in the back of the eye

Answer 77

Texture and color

Answer 78

Shape of the face and features

Answer 79

Talking for access

Answer 80

Match the blood vessels visible from the surface of the skin

Answer 81

Unique measurements Example: how a person walks

Answer 82

A measurable result acquired in ideal or controlled conditions

Answer 83

Likelihood that an unauthorized user will be accepted

Answer 84

Likelihood that an authorized user will be rejected

Answer 85

The rate at which the FAR and FRR are equal

Answer 86

Password, PIN, Pattern

Answer 87

Smart card, USB token, hardware/ software tokens, phone

Answer 88

Biometric authentication

Answer 89

Location, IP address

Answer 90

Personal way of doing things - handwriting

Answer 91

Unique trait - gait, typing

Answer 92

Social factor, digital signature

Answer 93

Authentication - Prove you are who you say you are Authorization - Based on your identification and authentication, what access do you have? Accounting - Resources used: login time, data sent and received, logout time

Answer 94

Keeping data in two or more places within a database or data storage system so that if something fails, operations can still be continued

Answer 95

Having the same data stored on separate disks enables the data to be recovered in the event of a disk failure

Answer 96

Using multiple drives within a single array where you can store some or all of the data on a redundant drive. If a physical drive is lost, you have separate pieces of data stored on multiple drives as part of that array

Answer 97

Configuring multiple links in the network to provide redundancy if one part of the network was to fail

Answer 98

Some servers are active and others are on standby If one server fails, the passive server takes its place

Answer 99

Grouping physical network adapters to improve performance and redundancy

Answer 100

A type of device that powers equipment, nearly instantaneously, in the event of grid power failure Examples: offline/ standby, line-interactive, On-line/ double conversion

Answer 101

Long-term power backup that can power an entire building but takes a little time to power up

Answer 102

Redundant circuits that generate two different output voltages from a single input source Both run at 50% but can handle all 100% Can swap out without powering down

Answer 103

Device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center

Answer 104

Sharing data between two devices so if one fails you can still work with the data that has a very fast recovery time compared to traditional backups

Answer 105

Create backup versions of virtual machines that can be kept and used to restore the machine in the event that its data is corrupted or lost

Answer 106

Local devices are connected over fast networks Purchasing your own storage is an expensive capital investment Local data is private

Answer 107

Cloud connections are almost always slower Cloud costs have a low entry point and can scale Data stored in the cloud requires additional security controls

Answer 108

A complete copy of a business or organization's data assets in their entirety

Answer 109

All files changed since the last incremental backup

Answer 110

All files changed since the last full backup

Answer 111

The state of a system at a particular point in time

Answer 112

A sequential storage device that is easy to ship and store

Answer 113

A fast and efficient type of backup that can be deduplicated and compressed

Answer 114

An exact replica of a system at a particular point in time

Answer 115

File-level storage server connected to a computer network, providing data access to a group of users on that network

Answer 116

Dedicated network of storage devices that provides a shared pool of storage and appears to each user on the network as if it were connected directly to the computer

Answer 117

A backup to a remote device in a cloud that can support many devices

Answer 118

Capture an exact replica of everything on a storage device that can restore everything on a partition like OS files and documents

Answer 119

The use of a third-party service to back up data remotely over the Internet

Answer 120

A backup to local devices in a secure external location that is completely isolated from the production environment

Answer 121

Any data or document facility that is physically separate from the organization usually for disaster recovery purposes

Answer 122

Application instances being constantly built and torn down

Answer 123

Data that falls back to a previous snapshot

Answer 124

Don't modify the data, but use a previous configuration

Answer 125

Being able to launch an entire operating system from removable media that is portable

Answer 126

Describes systems that are dependable enough to operate continuously without failing

Answer 127

The order in which you have to rebuild an application instance

Answer 128

Having a diversity of technology can be beneficial if an OS fails or gets exploited

Answer 129

Can purchase different devices from different vendors to have flexibility during purchase process and renewal process Different vendors can have different support teams as well

Answer 130

Diverse certificate authorities can provide additional protection

Answer 131

Combine different administrative, physical, and technical controls together to create a defense in depth for security

Answer 132

Databases should be restored before the application

Answer 133

Incremental backups restore the full backup, then all subsequent incremental backups Differential backups restore the full backup, then the last differential backup

Answer 134

Hardware and software designed for specific functions or to operate as part of a larger system

Answer 135

Is a System on a Chip (SoC) - multiple components running on a single chip

Answer 136

An integrated circuit that can be configured/ reprogrammed after manufacturing

Answer 137

Hardware and software company, project, and user community that designs open-sourced electronics platform based on easy-to-use hardware and software

Answer 138

Provides a centralized interface for operations personnel to control and monitor all critical devices and processes from one location Allows a PC to manage equipment such as: facilities, industrial, manufacturing, energy, logistics

Answer 139

Devices commonly connected to the internet and connected to many different types of systems inside of our homes and businesses

Answer 140

Heating and cooling, lighting

Answer 141

Home automations, video door bell

Answer 142

Watches, health monitors

Answer 143

Temperature, air quality, lighting

Answer 144

IoT manufacturers are not security professionals

Answer 145

Heart monitors, insulin pumps - older OS

Answer 146

Multiple embedded systems that can all communicate with each other for a better driving experience

Answer 147

Multiple embedded systems that can all communicate with each other

Answer 148

In home to measure power and water usage

Answer 149

Type of phone system that uses an internet connection to make and receive calls, rather than traditional landlines

Answer 150

PC manages this equipment to make cooling and heating decisions for workspaces and data centers

Answer 151

A piece of office equipment that consolidates the capabilities of multiple devices

Answer 152

Operating system with a deterministic processing schedule that does not wait for other processes Example: automatic brakes on a car

Answer 153

Video/ audio have embedded systems in the camera and the monitoring stations

Answer 154

Wireless cellular technology, offering higher upload and download speeds, more consistent connections, and improved capacity than previous networks

Answer 155

Communicate analog signals over a narrow range of frequencies Over a long distance - conserve the frequency use

Answer 156

Using a single frequency to be able to communicate

Answer 157

Used to provide information to a cellular network provider - phones, tablets, embedded systems

Answer 158

The meshed communication between IoT devices that is an alternative to Wi-Fi and Bluetooth

Answer 159

May not have access to main power source Batteries need replaced

Answer 160

Low-power CPUs are limited in speed

Answer 161

May not have the option for a wired link or may be in the middle of a field

Answer 162

Limited hardware options that is difficult to change or modify cryptography features

Answer 163

Some devices have no field-upgradable options or difficult to install

Answer 164

Security features are an after thought such as no multi-factor, limited integration

Answer 165

Purpose-built and usually does one thing very well which may not provide additional functionality

Answer 166

Single-purpose comes at a low cost and low cost may affect product quality

Answer 167

Limited access to hardware and software which makes it difficult to verify the security posture

Answer 168

Allow people, prevent access to cars and trucks

Answer 169

Provides a space between two sets of interlocking doors

Answer 170

Allows access to true employees/ workers

Answer 171

Triggered by a person and alerts people

Answer 172

Provides clear and specific instructions

Answer 173

Motion recognition - can alarm and alert when something moves Object detection - can identify a license plat or a person's face

Answer 174

A video surveillance resource that can replace physical guards

Answer 175

Conceal an important facility in plain site

Answer 176

Guards Robot Sentries - continuously monitors Two-person integrity/ control - no single person has access to asset Reception

Answer 177

Temporary security to keep something from being removed

Answer 178

Prevents "juice jacking" Allows the voltage and rejects the data

Answer 179

More security by seeing easier and attackers avoiding

Answer 180

Builds a perimeter to keep people out

Answer 181

Water is bad for electronics Chemical suppression - Dupont FM 200

Answer 182

Detects aspects such as motion, noise, proximity, moisture, and temperature

Answer 183

Covers large areas quickly with motion detection and thermal sensors

Answer 184

Keeps track of people going in and out of building of building for when something happens

Answer 185

Blocks electromagnetic fields

Answer 186

An additional layer of security between internet and you

Answer 187

A physically secure cabled network

Answer 188

Physical separation between networks

Answer 189

Secure reinforced room

Answer 190

Smaller less expensive space

Answer 191

A way to keep components at optimal temperatures

Answer 192

Physically light documents on fire

Answer 193

Put through a shredder and cut into tiny pieces

Answer 194

Put in large tank to remove ink and broken down to a pulp

Answer 195

Using heavy machinery for complete destruction

Answer 196

Remove the magnetic field to destroy the drive data

Answer 197

Having someone destroy data for you Make sure to get certificate of destruction

Answer 198

Conventional - Lock and key Deadbolt - Physical bolt Electronic - Keyless, PIN Token-based - RFID badge, magnetic swipe Biometric - Hand, fingers, retina Multi-factor - smart card and PIN

Answer 199

An electronic, encrypted, stamp of authentication on digital information Authentication, non-repudiation, integrity

Answer 200

Larger = more secure Shorter = more weak Symmetric = 128-bit or larger Asymmetric = 3,072 bits or larger

Answer 201

Making a weak key more secure against a brute force attack by hashing a hash and hashing that hash and so on...

Answer 202

Random data added to a password when hashing

Answer 203

Representing data as a short string of text

Answer 204

Exchange the secret key so that each party is able to encrypt messages before sending, and decrypt received ones

Answer 205

An approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields Powerful and used for a device with limited number of resources

Answer 206

Feature of specific key-agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised

Answer 207

Protecting against eavesdropping using quantum cryptography by creating unbreakable encryption

Answer 208

Using a new computing technology that bases computers off of quantum physics Qubit is the smallest form of information

Answer 209

Not yet secure against classical computers Cryptographic algorithms that are thought to be secure against a cryptanalytic attack by a quantum computer

Answer 210

Generated for each execution of a key establishment process Changing often

Answer 211

Each block being encrypted with the same key Identical plaintext blocks create identical ciphertext blocks

Answer 212

Each plaintext block is exclusive or (XORed) with the previous ciphertext block

Answer 213

Every time a counter-initiated value is encrypted and given as input to XOR with plaintext which results in ciphertext block

Answer 214

A place to keep track of transactions that is distributed to everyone

Answer 215

An encryption technique that works byte by byte to transform plain text into code Each plaintext digit is encrypted one at a time

Answer 216

A method of encrypting data in blocks to produce ciphertext Algorithm operating on fixed-length groups of bits, called blocks

Answer 217

Security through obscurity Making a message invisible even though it is there

Answer 218

Modifying the digital audio file to interlace a secret message within the audio file

Answer 219

A sequence of images Using image steganography on a larger scale

Answer 220

Embedding a message in an image itself

Answer 221

The ability to perform calculations and research on data while it is encrypted

Answer 222

Smaller symmetric key Elliptic curve cryptography (ECC) for asymmetric encryption

Answer 223

Fast computation time Symmetric encryption, smaller key sized

Answer 224

Larger key sizes Encryption algorithm quality Hashing provides data integrity

Answer 225

To keep secret and private use encryption

Answer 226

Use a hash to to prevent modification of data such as file downloads and password storage

Answer 227

Encrypted data hides the active malware code and decryption occurs during execution

Answer 228

Password hashing and salting to protect the password

Answer 229

Use digital signature to confirm the authenticity of data

Answer 230

Cryptography adds overhead and more encryption can increase the load

Answer 231

Encrypting bytes might double storage size

Answer 232

Easier to brute force and may be security issues

Answer 233

Large files take a long time to encrypt and hash

Answer 234

A specific cryptographic technology can become less secure over time

Answer 235

Hardware random number generators can be predictable in which random numbers are critical for cryptography

Answer 236

Reduces complexity and if the key is compromised everything can be at risk

Answer 237

IoT - limited security, memory, and power Real-time applications can't delay Difficult to maintain and update security components

Answer 238

A single key, encrypt and decrypt with the same key

Answer 239

Two (or more) mathematically related keys, private and public key Private key decrypt and public key encrypts Private key encrypts and public key decrypts

Answer 240

Designed to protect information created and transmitted by the Internet of Things, as well as for other miniature technologies

Answer 241

Sending the symmetric key by phone, courier, in person, etc.

Answer 242

Sending it on the network with additional encryption and using asymmetric encryption to deliver the symmetric key

Answer 243

An algorithm that uses a block cipher to provide information security such as confidentiality or authenticity