Chapter 2 - Architecture and Design Flashcards

1
Q

Configuration Management

A

The process of maintaining systems, such as computer hardware and software, in a desired state

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Network Diagram

A

Documentation of physical wire and device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Device Diagram

A

Documentation of individual cabling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Baseline Configuration

A

A documented set of specifications for an information system; security and integrity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Standard Naming Conventions

A

A set of rules for choosing the character sequence to be used for identifiers which denote variables, types, functions, and other entities in source code and documentation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Internet Protocol (IP) Schema

A

A plan or model used for addressing for network devices and avoiding duplicated IP addressing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Data Sovereignty

A

The idea that a country or jurisdiction has the authority and right to govern and control the data generated within its borders

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Data Loss Prevention (DLP)

A

The practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Data Masking

A

Data obfuscation is the process of modifying sensitive data in such a way that it is of no or little value to unauthorized intruders while still being usable by software or authorized personnel
Example: number on a receipt - Bank card: **687

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Data Encryption

A

Encoding information into unreadable data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Data at Rest

A

Data on a storage device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Data in Transit/ Motion

A

Data transmitted over the network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Data in Use

A

Data actively processing in memory

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Tokenization

A

Replacing sensitive data with a non-sensitive placeholder
Example: SSN 266-12-1112 is now 691-61-8539

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Information Rights Management (IRM)

A

Control how data is used by specific people

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Geographical Considerations

A

Legal implications, offsite backup, offsite recovery

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Incident Response and Recovery Controls

A

The handling of how respond and recover from a disaster

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Secure Sockets Layer (SSL)/ Transport Layer Security (TLS) Inspection

A

Used to examine outgoing data that is using the SSL/ TLS protocols

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Hashing

A

Representing data as a short string of text

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Site Resiliency

A

A network or system’s ability to adapt and to protect data and services from disruptions and disasters by having a second data center

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Hot Site

A

An exact replica of the original data center

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Cold Site

A

No hardware, data, or people
Will take a long time to get back up and running

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Warm Site

A

Just enough resources to get back up and running again

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Honeypots

A

A computer security mechanism set to lure in attackers that attempts an unauthorized use of information systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Honeyfiles

A

A fake file designed to detect attackers who are accessing and potentially removing data from your network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Honeynets

A

A network or group of honeypots set up with intentional vulnerabilities hosted on a decoy server to attract hackers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Fake Telemetry

A

An attacker sending malicious data that the machine thinks is benign or not malicious

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

DNS Sinkhole

A

A DNS that sends out incorrect IP addresses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Infrastructure as a Service (IaaS)

A

Model in which computing resources are supplied by a cloud services provider
Customer responsible for management and security
Customer NOT responsible for physical components, such as computers, networks, or physical security of datacenter
Customer has responsibility for software components running on the computing infrastructure such as operating systems, network controls, applications, or protecting data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Platform as a Service (PaaS)

A

Used for building, testing, and deploying applications
Used for creating application quickly without using managing underlying infrastructure
Cloud provider manages hardware and operating systems
Customer responsible for applications and data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Software as a Service (SaaS)

A

Hosted and managed by the cloud provider for the customer
Least amount of management by cloud customer
Cloud provider responsible for managing everything but data, devices, accounts, and identities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Anything as a Service (XaaS)

A

A broad description of all cloud models that use any combination of the cloud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Public Cloud Deployment Model

A

Available to everyone over the internet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Community Cloud Deployment Model

A

Several organizations share the same resources

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Private Cloud Deployment Model

A

Your own virtualized data center

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Hybrid Cloud Deployment Model

A

A mix of public and private

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Cloud Service Provider

A

A third-party that offers a cloud computing platform, infrastructure, application, or storage services, usually for a fee

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

Managed Service Provider (MSP)

A

Used as information technology-related support for companies who lack the in-house resources needed to maintain their systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Managed Security Service Provider (MSSP)

A

Provides outsourced monitoring and management of security devices and systems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

On-premises

A

Applications are on local hardware and your servers are in your data center building

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Off-premises

A

Servers are not in the building and are usually running in a specialized computing environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

Cloud Computing

A

The on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

Fog Computing

A

Helps in filtering important information from the massive amount of data collected from the device and saves it in the cloud by sending the filtered data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Edge Computing

A

Helps devices to get faster results by processing the data simultaneously received from the devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

Thin Client

A

A simple computer that has been optimized for establishing a remote connection with a server-based computing environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

Containers

A

Portable digital compartments holding a bundle of application files in one runtime environment that live in the cloud

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

Microservices/ API

A

A style of application architecture where a collection of independent services communicate through lightweight APIs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

Infrastructure as Code

A

Managing and provisioning of infrastructure through code instead of through manual processes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

Software-defined Networking (SDN)

A

An approach to network management that enables dynamic, programmatically efficient network configuration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

Software-defined Visibility (SDV)

A

A way to monitor and understand what the traffic flows are for application instances

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

Serverless Architecture

A

A way to build and run applications and services without having to manage an operating system
Function as a Service (FaaS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

Services Integration and Management (SIAM)

A

Approach to managing multiple suppliers of services and integrating them to provide a single business-facing IT organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

Resource Policies

A

System rules that specify resources and actions for a particular access feature

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

Transit Gateway

A

A network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

Virtualization

A

Process of running many different operating systems on the same hardware

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

Virtual Machine (VM) Sprawl Avoidance

A

Having a formal process and detailed documentation by having information on every virtual object

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

VM Escape Protection

A

Updating software regularly by installing updates and patches the moment they are available

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

Development Stage

A

Establish by securing the environment, writing code, and testing in sandboxes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

Test Stage

A

All pieces are put together and are used in functional tests to see if the application works

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

Staging Stage

A

A copy of the production data is being used for performance tests and usability features
Almost ready to roll out

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

Production Stage

A

Application is live and rolled out to the user community

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

Quality Assurance (QA) Stage

A

Verifies if features are working correctly and validates new functionality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

Elasticity

A

Increase or decrease available resources as the workload changes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

Scalability

A

Ability to increase the workload in a given infrastructure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

Deprovisioning

A

Dismantling and removing an application instance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

Code Reuse

A

Use old code to build new applications to save time - copy and paste

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

Dead Code

A

A section in the source code of a program which is executed but whose result is never used in any other computation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

Server-side Validation

A

Checks occurring on the server to help protect against malicious users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

Memory Management

A

Ways to dynamically allocate portions of memory to programs at their request, and free it for reuse when no longer needed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

Open Web Application Security Project (OWASP)

A

Online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

Compiler

A

Computer program that translates computer code written in one programming language into another language

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

Automated Courses of Action

A

Predetermined/ predicted automated responses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

Continuous Monitoring

A

Always checking for a particular event then responding

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

Continuous Validation

A

Automatically validate configuration of a change

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

Continuous Integration (CI)

A

Practice of merging all developers’ working copies to a shared mainline several times a day

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

Continuous Delivery (CD)

A

Automate testing process, release process, and deploying the application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

Continuous Deployment

A

Automatically deploy to production with no manual checks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

Provisioning

A

Process of preparing and equipping a network to allow it to provide new services to its users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

Integrity Measurement

A

Check for a secure baseline and see if corrections need to be made

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

Normalization

A

Making sure data is correct and in the right format

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

Stored Procedures

A

A set of SQL statements that limit client interactions to secure data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

Obfuscation/ Camouflage

A

Make something normally understandable very difficult to understand

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

Client-side Validation

A

End-user’s app makes the validation decisions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

Third-party Libraries and SDKs

A

Extend the functionality of a programming language

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

Binary File

A

A file whose content is in a binary format consisting of a series of sequential bytes, each of which is eight bits in length

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

Software Diversity

A

Research field about the comprehension and engineering of diversity in the context of software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

Version Control

A

The practice of tracking and managing changes to software code

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

Directory Services

A

A database for all of an organization’s usernames, passwords, computers, printers, and other devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

Federation

A

A technology that allows users to access multiple tools, apps, and domains with only one set of credentials

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

Attestation

A

Prove that the hardware is really yours

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

Authentication Method - Time-based One-time Password (TOTP)

A

Temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

Authentication Method - HMAC-based One-time Password (HTOP)

A

Type of one-time password (OTP) that is generated using a keyed-hash message authentication code (HMAC) - shared secret key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

Authentication Method - Short Message Service (SMS)

A

Provide username and password, phone receives an SMS, and the code is inputted into the login form

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

Authentication Method - Token Key

A

A key that is unique to a user’s session and is protected by an algorithm, which ensures servers can identify a token that has been tampered with and block it

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

Authentication Method - Static Codes

A

Authentication factors that don’t change
Example: PIN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

Authentication Method - Authentication Applications

A

Application downloaded that provides pseudo-random token generators that are usually 6 digits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

Authentication Method - Push Notifications

A

Provide username and password, app sends phone a notification, and the code is inputted into the login form

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

Authentication Method - Phone Call

A

A call providing authentication code

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
90
Q

Biometric Factor - Fingerprint

A

Hold finger down on scanner

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
91
Q

Biometric Factor - Retina

A

Unique capillary structure in the back of the eye

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
92
Q

Biometric Factor - Iris

A

Texture and color

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
93
Q

Biometric Factor - Facial

A

Shape of the face and features

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
94
Q

Biometric Factor - Voice

A

Talking for access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
95
Q

Biometric Factor - Vein

A

Match the blood vessels visible from the surface of the skin

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
96
Q

Biometric Factor - Gait Analysis

A

Unique measurements
Example: how a person walks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

Efficacy Rates

A

A measurable result acquired in ideal or controlled conditions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
98
Q

False Acceptance Rate (FAR)

A

Likelihood that an unauthorized user will be accepted

99
Q

False Rejection Rate (FRR)

A

Likelihood that an authorized user will be rejected

100
Q

Crossover Error Rate (CER)

A

The rate at which the FAR and FRR are equal

101
Q

Multifactor Authentication Factor - Something You Know

A

Password, PIN, Pattern

102
Q

Multifactor Authentication Factor - Something You Have

A

Smart card, USB token, hardware/ software tokens, phone

103
Q

Multifactor Authentication Factor - Something You Are

A

Biometric authentication

104
Q

Multifactor Authentication Attribute - Somewhere You Are

A

Location, IP address

105
Q

Multifactor Authentication Attribute - Something You Can Do

A

Personal way of doing things - handwriting

106
Q

Multifactor Authentication Attribute - Something You Exhibit

A

Unique trait - gait, typing

107
Q

Multifactor Authentication Attribute - Someone You Know

A

Social factor, digital signature

108
Q

Authentication, Authorization, and Accounting (AAA)

A

Authentication - Prove you are who you say you are
Authorization - Based on your identification and authentication, what access do you have?
Accounting - Resources used: login time, data sent and received, logout time

109
Q

Redundancy

A

Keeping data in two or more places within a database or data storage system so that if something fails, operations can still be continued

110
Q

Disk Redundancy

A

Having the same data stored on separate disks enables the data to be recovered in the event of a disk failure

111
Q

Redundant Array of Independent Disks (RAID)

A

Using multiple drives within a single array where you can store some or all of the data on a redundant drive. If a physical drive is lost, you have separate pieces of data stored on multiple drives as part of that array

112
Q

Multipath I/O (Input/ Output) Redundancy

A

Configuring multiple links in the network to provide redundancy if one part of the network was to fail

113
Q

Load Balancing

A

Some servers are active and others are on standby
If one server fails, the passive server takes its place

114
Q

Network Interface Card (NIC) Teaming

A

Grouping physical network adapters to improve performance and redundancy

115
Q

Uninterruptable Power Supply (UPS)

A

A type of device that powers equipment, nearly instantaneously, in the event of grid power failure
Examples: offline/ standby, line-interactive, On-line/ double conversion

116
Q

Generator

A

Long-term power backup that can power an entire building but takes a little time to power up

117
Q

Dual-power Supplies

A

Redundant circuits that generate two different output voltages from a single input source
Both run at 50% but can handle all 100%
Can swap out without powering down

118
Q

Power Distribution Units (PDUs)

A

Device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center

119
Q

Storage Area Network (SAN) Replication

A

Sharing data between two devices so if one fails you can still work with the data that has a very fast recovery time compared to traditional backups

120
Q

VM Replication

A

Create backup versions of virtual machines that can be kept and used to restore the machine in the event that its data is corrupted or lost

121
Q

On-premises Redundancy

A

Local devices are connected over fast networks
Purchasing your own storage is an expensive capital investment
Local data is private

122
Q

Cloud Redundancy

A

Cloud connections are almost always slower
Cloud costs have a low entry point and can scale
Data stored in the cloud requires additional security controls

123
Q

Full Backup

A

A complete copy of a business or organization’s data assets in their entirety

124
Q

Incremental Backup

A

All files changed since the last incremental backup

125
Q

Differential Backup

A

All files changed since the last full backup

126
Q

Snapshot Backup

A

The state of a system at a particular point in time

127
Q

Tape Backup

A

A sequential storage device that is easy to ship and store

128
Q

Disk Backup

A

A fast and efficient type of backup that can be deduplicated and compressed

129
Q

Copy Backup

A

An exact replica of a system at a particular point in time

130
Q

Network Attached Storage (NAS)

A

File-level storage server connected to a computer network, providing data access to a group of users on that network

131
Q

Storage Area Network (SAN)

A

Dedicated network of storage devices that provides a shared pool of storage and appears to each user on the network as if it were connected directly to the computer

132
Q

Cloud Backup

A

A backup to a remote device in a cloud that can support many devices

133
Q

Image Backup

A

Capture an exact replica of everything on a storage device that can restore everything on a partition like OS files and documents

134
Q

Online Backup

A

The use of a third-party service to back up data remotely over the Internet

135
Q

Offline Backup

A

A backup to local devices in a secure external location that is completely isolated from the production environment

136
Q

Offsite Storage

A

Any data or document facility that is physically separate from the organization usually for disaster recovery purposes

137
Q

Non-persistence

A

Application instances being constantly built and torn down

138
Q

Revert to Known State

A

Data that falls back to a previous snapshot

139
Q

Last Known-good Configuration

A

Don’t modify the data, but use a previous configuration

140
Q

Live Boot Media

A

Being able to launch an entire operating system from removable media that is portable

141
Q

High Availability (HA)

A

Describes systems that are dependable enough to operate continuously without failing

142
Q

Restoration Order

A

The order in which you have to rebuild an application instance

143
Q

Technology Diversity

A

Having a diversity of technology can be beneficial if an OS fails or gets exploited

144
Q

Vendor Diversity

A

Can purchase different devices from different vendors to have flexibility during purchase process and renewal process
Different vendors can have different support teams as well

145
Q

Crypto Diversity

A

Diverse certificate authorities can provide additional protection

146
Q

Controls Diversity

A

Combine different administrative, physical, and technical controls together to create a defense in depth for security

147
Q

Application-specific Restoration Order

A

Databases should be restored before the application

148
Q

Backup-specific Restoration Order

A

Incremental backups restore the full backup, then all subsequent incremental backups
Differential backups restore the full backup, then the last differential backup

149
Q

Embedded Systems

A

Hardware and software designed for specific functions or to operate as part of a larger system

150
Q

Raspberry Pi

A

Is a System on a Chip (SoC) - multiple components running on a single chip

151
Q

Field-programmable Gate Array (FPGA)

A

An integrated circuit that can be configured/ reprogrammed after manufacturing

152
Q

Arduino

A

Hardware and software company, project, and user community that designs open-sourced electronics platform based on easy-to-use hardware and software

153
Q

Supervisory Control and Data Acquisition (SCADA)/ Industrial Control System (ICS)

A

Provides a centralized interface for operations personnel to control and monitor all critical devices and processes from one location
Allows a PC to manage equipment such as: facilities, industrial, manufacturing, energy, logistics

154
Q

Smart Devices/ Internet of Things (IoT)

A

Devices commonly connected to the internet and connected to many different types of systems inside of our homes and businesses

155
Q

Smart Devices/ Internet of Things (IoT) - Sensors

A

Heating and cooling, lighting

156
Q

Smart Devices/ Internet of Things (IoT) - Smart Devices

A

Home automations, video door bell

157
Q

Smart Devices/ Internet of Things (IoT) - Wearables

A

Watches, health monitors

158
Q

Smart Devices/ Internet of Things (IoT) - Facility Automation

A

Temperature, air quality, lighting

159
Q

Smart Devices/ Internet of Things (IoT) - Weak Defaults

A

IoT manufacturers are not security professionals

160
Q

Specialized Embedded Device - Medical Systems

A

Heart monitors, insulin pumps - older OS

161
Q

Specialized Embedded Device - Vehicles

A

Multiple embedded systems that can all communicate with each other for a better driving experience

162
Q

Specialized Embedded Device - Aircraft

A

Multiple embedded systems that can all communicate with each other

163
Q

Specialized Embedded Device - Smart Meters

A

In home to measure power and water usage

164
Q

Voice Over IP (VoIP)

A

Type of phone system that uses an internet connection to make and receive calls, rather than traditional landlines

165
Q

Heating, Ventilation, Air Conditioning (HVAC)

A

PC manages this equipment to make cooling and heating decisions for workspaces and data centers

166
Q

Multifunction Printer (MFP)

A

A piece of office equipment that consolidates the capabilities of multiple devices

167
Q

Real-time Operating System (RTOS)

A

Operating system with a deterministic processing schedule that does not wait for other processes
Example: automatic brakes on a car

168
Q

Surveillance Systems

A

Video/ audio have embedded systems in the camera and the monitoring stations

169
Q

Embedded Systems Communication - 5G

A

Wireless cellular technology, offering higher upload and download speeds, more consistent connections, and improved capacity than previous networks

170
Q

Embedded Systems Communication - Narrow-band

A

Communicate analog signals over a narrow range of frequencies
Over a long distance - conserve the frequency use

171
Q

Embedded Systems Communication - Baseband Radio

A

Using a single frequency to be able to communicate

172
Q

Embedded Systems Communication - Subscriber Identity Module (SIM) Cards

A

Used to provide information to a cellular network provider - phones, tablets, embedded systems

173
Q

Embedded Systems Communication - Zigbee

A

The meshed communication between IoT devices that is an alternative to Wi-Fi and Bluetooth

174
Q

Embedded Systems Constraints - Power

A

May not have access to main power source
Batteries need replaced

175
Q

Embedded Systems Constraints - Compute

A

Low-power CPUs are limited in speed

176
Q

Embedded Systems Constraints - Network

A

May not have the option for a wired link or may be in the middle of a field

177
Q

Embedded Systems Constraints - Crypto

A

Limited hardware options that is difficult to change or modify cryptography features

178
Q

Embedded Systems Constraints - Inability to Patch

A

Some devices have no field-upgradable options or difficult to install

179
Q

Embedded Systems Constraints - Authentication

A

Security features are an after thought such as no multi-factor, limited integration

180
Q

Embedded Systems Constraints - Range

A

Purpose-built and usually does one thing very well which may not provide additional functionality

181
Q

Embedded Systems Constraints - Cost

A

Single-purpose comes at a low cost and low cost may affect product quality

182
Q

Embedded Systems Constraints - Implied Trust

A

Limited access to hardware and software which makes it difficult to verify the security posture

183
Q

Physical Controls - Bollards/ Barricades

A

Allow people, prevent access to cars and trucks

184
Q

Physical Controls - Access Control Vestibules

A

Provides a space between two sets of interlocking doors

185
Q

Physical Controls - Badges

A

Allows access to true employees/ workers

186
Q

Physical Controls - Alarms

A

Triggered by a person and alerts people

187
Q

Physical Controls - Signage

A

Provides clear and specific instructions

188
Q

Physical Controls - Cameras

A

Motion recognition - can alarm and alert when something moves
Object detection - can identify a license plat or a person’s face

189
Q

Physical Controls - Closed-circuit Television (CCTV)

A

A video surveillance resource that can replace physical guards

190
Q

Physical Controls - Industrial Camouflage

A

Conceal an important facility in plain site

191
Q

Physical Controls - Personnel

A

Guards
Robot Sentries - continuously monitors
Two-person integrity/ control - no single person has access to asset
Reception

192
Q

Physical Controls - Cable Locks

A

Temporary security to keep something from being removed

193
Q

Physical Controls - USB Data Blocker

A

Prevents “juice jacking”
Allows the voltage and rejects the data

194
Q

Physical Controls - Lighting

A

More security by seeing easier and attackers avoiding

195
Q

Physical Controls - Fencing

A

Builds a perimeter to keep people out

196
Q

Physical Controls - Fire Suppression

A

Water is bad for electronics
Chemical suppression - Dupont FM 200

197
Q

Physical Controls - Sensors

A

Detects aspects such as motion, noise, proximity, moisture, and temperature

198
Q

Physical Controls - Drones

A

Covers large areas quickly with motion detection and thermal sensors

199
Q

Physical Controls - Visitor Logs

A

Keeps track of people going in and out of building of building for when something happens

200
Q

Physical Controls - Faraday Cages

A

Blocks electromagnetic fields

201
Q

Physical Controls - Screen Subnet (DZ)

A

An additional layer of security between internet and you

202
Q

Physical Controls - Protected Cable Distribution

A

A physically secure cabled network

203
Q

Secure Areas - Air Gap

A

Physical separation between networks

204
Q

Secure Areas - Vault

A

Secure reinforced room

205
Q

Secure Areas - Safe

A

Smaller less expensive space

206
Q

Secure Areas - Hot Aisle and Cold Aisle

A

A way to keep components at optimal temperatures

207
Q

Secure Data Destruction - Burning

A

Physically light documents on fire

208
Q

Secure Data Destruction - Shredding

A

Put through a shredder and cut into tiny pieces

209
Q

Secure Data Destruction - Pulping

A

Put in large tank to remove ink and broken down to a pulp

210
Q

Secure Data Destruction - Pulverizing

A

Using heavy machinery for complete destruction

211
Q

Secure Data Destruction - Degaussing

A

Remove the magnetic field to destroy the drive data

212
Q

Secure Data Destruction - Third-party Solutions

A

Having someone destroy data for you
Make sure to get certificate of destruction

213
Q

Physical Controls - Door Locks

A

Conventional - Lock and key
Deadbolt - Physical bolt
Electronic - Keyless, PIN
Token-based - RFID badge, magnetic swipe
Biometric - Hand, fingers, retina
Multi-factor - smart card and PIN

214
Q

Digital Signature

A

An electronic, encrypted, stamp of authentication on digital information
Authentication, non-repudiation, integrity

215
Q

Key Length

A

Larger = more secure
Shorter = more weak
Symmetric = 128-bit or larger
Asymmetric = 3,072 bits or larger

216
Q

Key Stretching

A

Making a weak key more secure against a brute force attack by hashing a hash and hashing that hash and so on…

217
Q

Salting

A

Random data added to a password when hashing

218
Q

Hashing

A

Representing data as a short string of text

219
Q

Key Exchange

A

Exchange the secret key so that each party is able to encrypt messages before sending, and decrypt received ones

220
Q

Elliptic-curve Cryptography (ECC)

A

An approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields
Powerful and used for a device with limited number of resources

221
Q

Perfect Forward Secrecy (PFS)

A

Feature of specific key-agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised

222
Q

Quantum Communication

A

Protecting against eavesdropping using quantum cryptography by creating unbreakable encryption

223
Q

Quantum Computing

A

Using a new computing technology that bases computers off of quantum physics
Qubit is the smallest form of information

224
Q

Post-quantum Cryptography

A

Not yet secure against classical computers
Cryptographic algorithms that are thought to be secure against a cryptanalytic attack by a quantum computer

225
Q

Ephemeral Key

A

Generated for each execution of a key establishment process
Changing often

226
Q

Modes of Operation - Electronic Code Book (ECB)

A

Each block being encrypted with the same key
Identical plaintext blocks create identical ciphertext blocks

227
Q

Modes of Operation - Cipher Block Chaining (CBC)

A

Each plaintext block is exclusive or (XORed) with the previous ciphertext block

228
Q

Modes of Operation - Counter (CTR)

A

Every time a counter-initiated value is encrypted and given as input to XOR with plaintext which results in ciphertext block

229
Q

Blockchain - Public Ledgers

A

A place to keep track of transactions that is distributed to everyone

230
Q

Stream Cipher

A

An encryption technique that works byte by byte to transform plain text into code
Each plaintext digit is encrypted one at a time

231
Q

Block Cipher

A

A method of encrypting data in blocks to produce ciphertext
Algorithm operating on fixed-length groups of bits, called blocks

232
Q

Steganography

A

Security through obscurity
Making a message invisible even though it is there

233
Q

Steganography - Audio

A

Modifying the digital audio file to interlace a secret message within the audio file

234
Q

Steganography - Video

A

A sequence of images
Using image steganography on a larger scale

235
Q

Steganography - Image

A

Embedding a message in an image itself

236
Q

Homomorphic Encryption

A

The ability to perform calculations and research on data while it is encrypted

237
Q

Common Use Cases - Low Power Devices

A

Smaller symmetric key
Elliptic curve cryptography (ECC) for asymmetric encryption

238
Q

Common Use Cases - Low Latency

A

Fast computation time
Symmetric encryption, smaller key sized

239
Q

Common Use Cases - High Resiliency

A

Larger key sizes
Encryption algorithm quality
Hashing provides data integrity

240
Q

Common Use Cases - Supporting Confidentiality

A

To keep secret and private use encryption

241
Q

Common Use Cases - Supporting Integrity

A

Use a hash to to prevent modification of data such as file downloads and password storage

242
Q

Common Use Cases - Supporting Obfuscation

A

Encrypted data hides the active malware code and decryption occurs during execution

243
Q

Common Use Cases - Supporting Authentication

A

Password hashing and salting to protect the password

244
Q

Common Use Cases - Supporting Non-repudiation

A

Use digital signature to confirm the authenticity of data

245
Q

Limitations - Speed

A

Cryptography adds overhead and more encryption can increase the load

246
Q

Limitations - Size

A

Encrypting bytes might double storage size

247
Q

Limitations - Weak Keys

A

Easier to brute force and may be security issues

248
Q

Limitations - Time

A

Large files take a long time to encrypt and hash

249
Q

Limitations - Longevity

A

A specific cryptographic technology can become less secure over time

250
Q

Limitations - Predictability

A

Hardware random number generators can be predictable in which random numbers are critical for cryptography

251
Q

Limitations - Reuse

A

Reduces complexity and if the key is compromised everything can be at risk

252
Q

Limitations - Resource vs. Security Constraints

A

IoT - limited security, memory, and power
Real-time applications can’t delay
Difficult to maintain and update security components

253
Q

Symmetric Encryption

A

A single key, encrypt and decrypt with the same key

254
Q

Asymmetric Encryption

A

Two (or more) mathematically related keys, private and public key
Private key decrypt and public key encrypts
Private key encrypts and public key decrypts

255
Q

Lightweight Cryptography

A

Designed to protect information created and transmitted by the Internet of Things, as well as for other miniature technologies

256
Q

Out-of-band Key Exchange

A

Sending the symmetric key by phone, courier, in person, etc.

257
Q

In-band Key Exchange

A

Sending it on the network with additional encryption and using asymmetric encryption to deliver the symmetric key

258
Q

Block Cipher Mode of Operation

A

An algorithm that uses a block cipher to provide information security such as confidentiality or authenticity