Chapter 3 Flashcards

1
Q

Infrastructure as a Service (IaaS)

A

A cloud computing service model that provides computing resources on demand, such as storage, servers, networking, and virtualization.

2
Q

Platform as a Service (PaaS)

A

A cloud computing model that provides a complete environment for developers to build, test, deploy, and manage applications. PaaS allows developers to focus on their code without having to worry about the underlying infrastructure, such as servers, storage, and networking.

3
Q

Software as a Service (SaaS)

A

A cloud-based software delivery model that allows users to access software through the internet on a subscription basis.

4
Q

Hybrid Cloud

A

Using more than one cloud provider. Adds additional flexibility but also adds complexity to the system. Most cloud provider systems do not talk to each other directly, so manual configuration of things like authentication, firewalls, and server settings may be needed. Cloud providers use different security monitoring systems, as well as different logging terminology.

5
Q

Data Leakage

A

Data stored in the cloud often needs to traverse the public internet, which exposes it to attackers.

6
Q

Infrastructure as Code

A

Code architecture exists that allows you to define a cloud infrastructure such as servers, network, and applications. This allows you to reduce the human error that can occur when manually creating the infrastructure. It also allows you to modify and create versions of the infrastructure.

7
Q

Function as a Service (FaaS)

A

Applications can be separated into individual autonomous functions. Each function performs a small part of the application. These functions are commonly event-triggered, and can be built in real time as the event is triggered.

8
Q

Monolithic Applications

A

One big application that does everything you need. This is the traditional way of writing applications. One single executable is handling all user interface, logic, and data input and output. This makes the application take up a lot of storage space and have a large codebase.

9
Q

Application Programming Interface (API)

A

Allows programs to access code written elsewhere.

10
Q

Microservice

A

Uses APIs to create multiple smaller programs that handle discrete parts of an application. If one of the microservices goes down, the rest will continue to work.

11
Q

Air Gap

A

Physically separating devices. If one device is compromised, it won't compromise the other.

12
Q

Virtual Local Area Networks (VLANs)

A

A logical segmentation that allows the segmentation of data on the same device.

13
Q

Software Defined Networking (SDN)

A

Splitting functions into separate logical units to extend the functionality and management of a single device. Separates the control functions from the forwarding functions. 3 layers of SDN architecture: Infrastructure Layer, Control layer, Application layer.

14
Q

Infrastructure Layer

A

Data plane. Processes the network frames and packets: forwarding, trunking, encrypting, NAT.

15
Q

Control Layer

A

Manages the actions of the infrastructure layer: routing tables, session tables, NAT tables, dynamic routing protocol updates.

16
Q

Application Layer

A

Management plane. Configures and manages the device: SSH, browser, API.

17
Q

Advantages of Cloud based Infrastructure

A

Security is centralized and costs less. No on-site hardware or data center to secure. A third party handles everything.

18
Q

Virtualization

A

Allows you to run many different operating systems on the same hardware. Each application instance has its own operating system, which adds overhead and complexity.

19
Q

Containerization

A

A segmentation that contains everything you need to run an application, including code and dependencies. A standardized unit of software.

20
Q

Container

A

An isolated process that is a self-contained system. Apps can't interact with each other.

21
Q

Container image

A

A standard for portability. Lightweight and uses the host kernel. Secure separation between applications.

22
Q

Internet of Things (IoT)

A

Devices that are integrated into your network. Smart devices, sensors, wearable tech. Convenient but often not very secure.

23
Q

Supervisory Control and Data Acquisition System (SCADA)

A

Used to monitor the status of large-scale industrial equipment. Requires extensive segmentation and no access from the outside. Many SCADA systems are incredibly secure.

24
Q

Industrial Control Systems (ICS)

A

Used to network together large pieces of machinery.

25
Q

Real Time Operating System (RTOS)

A

An operating system with a deterministic processing schedule. Makes sure that actions are performed within a time constraint. Will dedicate all resources to important tasks immediately. Used in industrial equipment, automobiles, and military environments. Extremely sensitive to security issues: no time for antivirus checks. Systems are often self-contained, and it is difficult to find a way in.

26
Q

Embedded systems

A

Hardware and software are created as a self-contained and purpose-built device. May work as a single component of a larger system. Can be very optimized for its task. Examples: traffic light controllers, digital watches, medical imaging systems.

27
Q

High Availability (HA)

A

Always on, always available. Automatic redundancy. May include many components working together. Higher availability means higher costs.

28
Q

Infrastructure Considerations

A

Availability and security can be a difficult balancing act. Available, but only to the right people. Uptime % is an important metric when evaluating availability.

29
Q

Resilience

A

Eventually something will happen. How quickly can you recover? Based on many different variables: root cause, replacement hardware installation, software patch availability, system redundancy. Commonly referred to as MTTR: Mean Time to Repair.

30
Q

Mean Time to Repair (MTTR)

A

The length of time to replace something that is no longer available, with components that are available.

31
Q

Responsiveness

A

How long does it take for a user to receive their information after they make a request? This is very important for interactive applications, as humans are sensitive to delays.

32
Q

Scalability

A

How quickly or easily can we increase or decrease capacity? This may happen many times per day. Need to make sure that security monitoring keeps up with the system scaling. Project management and scalability are important factors to consider during the engineering phase. One missed detail can cause major deployment issues.

33
Q

Cybersecurity Insurance

A

Allows you to recover lost funds resulting from things like ransomware attacks, or outages and business downtime. Helps mitigate risks associated with legal proceedings from customers.

34
Q

Patch Availability

A

The only constant is change. Software usually isn't static. The first step after installation is usually making sure you are running the latest version. Patches need to be tested.

35
Q

Patch Tuesday

A

The second Tuesday of each month, Microsoft rolls out patches.

36
Q

Power

A

A foundational element. Must be monitored. Requirements are very different depending on the purpose.

37
Q

Compute

A

An application's heavy lifting. More than just a single CPU. Cloud services provide a compute engine.

38
Q

Secure Infrastructure

A

Every network is different, but there are often similarities. We often use firewalls to segment the network, as well as to provide additional security to specific parts of the network. Other services may require their own security technologies: honeypots, jump servers, load balancers, sensors.

39
Q

Zone Based Security Technologies

A

A logical separation of all of the devices on the network by their use or access type. More flexible and secure than IP address ranges. Each area of the network is associated with a zone. Simplifies security policies, allows you to determine what kinds of data can be sent between zones.

40
Q

Attack surface

A

Everything can be a vulnerability: application code, open ports, the authentication process, human error. The goal is to minimize the attack surface. Audit code, block ports on the firewall, monitor network traffic in real time, train employees. Secure physical network cabling. Application-level encryption makes the data traveling across our network encrypted and secure.

41
Q

Network level encryption

A

IPsec tunnels and VPN connections.

42
Q

Intrusion Prevention System (IPS)

A

Watches network traffic in real time. If there is any data that may be an intrusion or an exploit, it can block the traffic in real time. Looks for known exploits, buffer overflows, XSS.

43
Q

Intrusion Detection System (IDS)

A

Watches network traffic and sounds an alarm if it thinks there is a problem.

44
Q

Failure modes

A

Eventually something will break. Depending on device configuration, different things may happen: fail open and fail closed.

45
Q

Fail open

A

When a system fails, data continues to flow. Security processes are disabled, but the network stays up and running.

46
Q

Fail Closed

A

When a system fails, the data does not flow.

47
Q

Active Monitoring

A

System is connected inline. Data can be blocked as it passes by. Intrusion prevention is commonly active.

48
Q

Passive Monitoring

A

A copy of the network traffic is examined using a tap or port monitor. Data cannot be blocked in real time. Intrusion detection is commonly passive.

49
Q

Jump Server

A

A device on the inside of your network that is accessible from the outside. This is a highly secured device that is hardened and closely monitored. Usually a two-step process: SSH/tunnel/VPN to the jump server, and then connect to the rest of the network from there. The compromise of a jump server is a significant breach.

50
Q

Proxy Server

A

A device that sits between two endpoints and transmits data between them by sending and receiving requests on their behalf. Useful for caching, access control, URL filtering, content scanning.

51
Q

Network Address Translation (NAT)

A

Converts between internal and external IP addresses on internet-facing routers. A network-level proxy.

52
Q

Forward Proxy

A

A proxy inside of your network that controls outbound traffic to the internet ("internal proxy"). Commonly used to protect and control user access to the internet.

53
Q

Reverse Proxy

A

A proxy inside your network that controls inbound traffic from the internet to your specific internal service. Can also act as a caching server for identical requests.

54
Q

Open Proxy

A

A third party, uncontrolled proxy. Can be a significant concern. Often can be used to circumvent existing security controls.

55
Q

Load Balancer

A

Distributes network traffic across multiple servers and is invisible to the end user. Useful for large-scale implementations. Provides fault tolerance: server outages will not disrupt availability.

56
Q

Active-Active Load balancing

A

Keeps connections open across all the servers. Can provide TCP offloading, where it keeps a connection open with all servers so users do not have to keep making new server connections, which adds protocol overhead. Some load balancers provide SSL offload, which means that encryption and decryption is done by the load balancer instead of the servers. Can provide caching and prioritization. Content switching.

57
Q

Active-Passive Load balancing

A

Some of the servers are active, while others are on standby. If an active server fails, the passive server takes its place.

58
Q

Sensors and Collectors

A

Aggregate information from the network devices. Some are their own stand-alone device, while others are built into switches, routers, servers, firewalls, etc. All of the data collected by these sensors is sent to a central database called a collector.

59
Q

Extensible Authentication Protocol (EAP)

A

A framework for authentication that can be applied to various network configurations. Manufacturers can build their own EAP methods. The most common integration of EAP is with 802.1X, which prevents access to the network until authentication succeeds.

60
Q

IEEE 802.1X

A

Sometimes referred to as Port-Based Network Access Control (NAC). When you plug into an available port on a switch, you would not gain access to the network until you authenticate. Used in conjunction with other authentication protocols or databases such as RADIUS, LDAP, etc. Involves three separate components: supplicant, authenticator, and authentication server.

61
Q

Supplicant

A

End user or client.

62
Q

Authenticator

A

The device that provides access, such as a switch or AP (access point).

63
Q

Authentication Server

A

A backend database that contains and validates the login credentials.

64
Q

Network-Based Firewall

A

Controls the traffic through the use of a purpose-built appliance. Traditional network firewalls control traffic based on OSI layer 4: a TCP or UDP port number. Next-generation firewalls use OSI layer 7, which is the application layer. Firewalls can integrate other services such as the encryption of traffic. Many firewalls can be layer 3 devices (routers). These devices commonly sit on the ingress/egress of the network.

65
Q

Unified Threat Management device (UTM)

A

An older type of firewall that has a number of security features built in. Also called an all-in-one security appliance or a web security gateway.

66
Q

Next Generation Firewall (NGFW)

A

Operates at OSI layer 7, the application layer. Can make forwarding decisions based on the applications being used on the network. Also called: application layer gateway, stateful multilayer inspection, deep packet inspection. Can view all the data in every packet. Can perform a deep packet decode and recognize who is sending the traffic, where it is going, and what is contained within the application layer of the traffic, and determine if the packet is allowed or disallowed through the firewall. Gives you granular control of what people are able to do on the network. Example: an employee can view Twitter but cannot post. They often act as an intrusion prevention system. Allows for URL categorization and allow/deny lists.

67
Q

Web Application Firewall (WAF)

A

Analyzes input into web-based applications and allows or disallows traffic based on the input. Commonly used for web-based conversations using HTTP or HTTPS. Can be used to identify SQL injection. A major focus of the Payment Card Industry Data Security Standard (PCI DSS). Often used alongside a next-generation firewall.

68
Q

Virtual Private Network (VPN)

A

Encrypts private data traversing a public network. Managed using a VPN concentrator: a purpose-built device that is designed to be an endpoint for everyone to connect to using the encrypted link. They are often integrated into an NGFW. There are many deployment options: specialized cryptographic hardware as well as software-based options. Often used with client software, and sometimes built into the OS.

69
Q

VPN Concentrator

A

A purpose-built device that is designed to be an endpoint for everyone to connect to using the encrypted link.

70
Q

Secure Sockets Layer (SSL)

A

The same protocol used to encrypt web server traffic. Runs over TCP port 443. Usually easily passes through firewalls. Used for remote access communication from a single device. No requirement for digital certificates or shared passwords for authentication. Can be run from a browser or a light VPN client, so additional software is not needed. Some VPN software can be configured as always-on, so that when you start up your laptop you automatically connect.

71
Q

Software Defined Networking in a Wide Area Network (SD-WAN)

A

Designed to solve issues with securely connecting to cloud-based applications. Data centers used to be found in our own buildings. Now our data can be anywhere with the cloud. Allows us to build dynamic networks that can connect directly to cloud-based applications.

72
Q

Secure Access Service Edge (SASE)

A

Combines networking and security as a service functions into a single cloud-delivered service at the network edge. Allows you to combine multiple technologies and cloud offerings into one security architecture.

73
Q

Regulated Data

A

Data that a third party sets rules on for how it should be protected, e.g. credit card information. Government laws and statutes can determine how data can be stored, and for how long.

74
Q

Trade Secrets

A

The secret formula.

75
Q

Intellectual Property

A

May be publicly visible but protected using copyright and trademark law.

76
Q

Legal Information

A

It can be difficult to provide information that should be public while protecting information that needs to be private. These are usually stored on different systems.

77
Q

Human Readable

A

People can read and understand the data.

78
Q

Non-Human Readable

A

Encoded data, barcodes, QR codes.

79
Q

Proprietary Data

A

Data that is the property of an organization. May include trade secrets. Often unique to the organization.

80
Q

Personally Identifiable Information (PII)

A

Data that can be used to identify an individual: name, DOB, mother's maiden name, biometric information.

81
Q

Protected Health Information (PHI)

A

Health information associated with an individual. Health status, healthcare records, payments for healthcare, etc.

82
Q

Sensitive Data

A

Intellectual property, PII, PHI.

83
Q

Confidential

A

Very sensitive; must be approved to view.

84
Q

Public

A

No restrictions on viewing the data.

85
Q

Private/classified/restricted

A

Restricted access; may require an NDA.

86
Q

Critical

A

Should always be accessible.

87
Q

Data at rest

A

Data on a storage device. May want to encrypt it and apply permissions and access control lists.

88
Q

Data in Transit

A

Data being transmitted over the network. Also called data in motion. If the data isn't encrypted, then there is not much protection as it traverses switches, routers, and devices. Someone could tap into any of these network links and view your data.

89
Q

Network-Based Protection

A

Firewall/IPS.

90
Q

Data in Use

A

Data actively being processed in memory or by the CPU. Could be system RAM, CPU registers, and cache. The data is almost always unencrypted. Attackers like to go after data in use for this reason.

91
Q

Data Sovereignty

A

Data that resides in a country is subject to the laws of that country. It is important to consider laws on data monitoring, court orders, etc.

92
Q

General Data Protection Regulation (GDPR)

A

A European Union regulation that dictates that any data collected on EU citizens must be stored in the EU.

93
Q

Geolocation

A

Tells you the localized area of something: endpoints, data, etc. There are many ways to determine the location of something: 802.11, mobile service, GPS. Can be used to manage access.

94
Q

Geofencing

A

Automatically allow or restrict access when the user is in a particular location.

95
Q

Confusion

A

Encrypted data is very different from the plaintext.

96
Q

Segmentation

A

Separating sensitive data into different locations. Also allows additional security to be added for more sensitive data.

97
Q

Server Clustering

A

Combines two or more servers. Appears and operates like one large server. End users only see one device. Easy to scale, and is configured in the server OS.

98
Q

Recovery Site

A

Data is synchronized here in case of a disaster. In that case, business processes fail over to the alternate processing site. Allows operations to continue while the problem is addressed.

99
Q

Hot Site

A

An exact replica of the data center. Contains all of the same hardware as your primary site. Must buy everything twice. Applications are constantly updated and data is synced. Can move over at any time.

100
Q

Cold Site

A

An empty building with no hardware. Have to bring all of your data, hardware, and people over to run the site.

101
Q

Warm Site

A

Anything in between a hot and cold site. Can get going, but hardware and data will need to be moved over to get everything running as before.

102
Q

Geographic Dispersion

A

Sites that are physically far from each other. Many disruptions can affect a large area, such as hurricanes, floods, etc. This can be a logistical problem when transporting equipment and employees between the sites.

103
Q

Platform Diversity

A

Every operating system contains potential security risks. Many security vulnerabilities are specific to a single OS.

104
Q

Multi-cloud systems

A

Cloud outages happen from time to time, so it may be a good idea to have backup services on multiple providers.

105
Q

Continuity of Operations Planning (COOP)

A

Not everything goes according to plan. When tech fails, we still want to have a manual way to provide our services. Should be tested and documented before a problem occurs.

106
Q

Capacity Planning

A

Match supply to the demand. Too much supply and you are spending more money than needed. Too much demand and you experience application slowdowns and outages. Requires a balanced approach. Some services require people, which are difficult to scale up and down.

107
Q

Recovery Testing

A

Testing the process and procedures that take place in the event of a disaster. Use well-defined rules of scope, and make sure you do not affect the live production systems. Practice specific scenarios.

108
Q

Failover Test

A

A failure is inevitable, but you may be able to keep things running. Redundant infrastructure allows you to perform a failover.

109
Q

Simulations

A

Test an imaginary event, e.g. pen testing. Allows you to see how your organization would respond.

110
Q

On Site Backups

A

No internet link required; data is immediately available. Generally less expensive than off-site.
