Domain 2: Architecture & Design Flashcards

1
Q

Network Diagrams

A

Data flow across telecommunication hardware

Display the inner behaviors of your network, such as routing protocols and subnets, and reveal how information flows

2
Q

Device Diagrams

A

Shows individual cabling

3
Q

Naming Conventions

A

Framework used for naming/labeling your files in a specific way

4
Q

IP Schema

A

An IP address plan or model to avoid making duplicate IP addresses

Consistent addressing for network devices
Helps avoid duplicate IP addressing

5
Q

Data Sovereignty

A

Data that resides in a country is subject to the laws of that country

6
Q

Data masking

A

Data obfuscation…Hide some of the original data

7
Q

Data at-rest

A

Data on a storage device

8
Q

Data in-transit

A

Data transmitted over the network…Also called data in-motion

TLS (Transport Layer Security) & IPsec (Internet Protocol Security) provide transport encryption

9
Q

Data in-use

A

Actively processing in memory (System RAM, CPU registers and cache)

10
Q

Tokenization

A

Replace sensitive data with a non-sensitive placeholder

Commonly used in NFC payments and Credit card processing.

Uses a temporary token during payment…an attacker capturing the card numbers can’t use them later

11
Q

Information Rights Management (IRM)

A

Control how data is used.

Restrict data access to unauthorized persons
Can prevent copy and paste, Control screenshots, Manage printing, & Restrict editing
Each user has their own set of rights

12
Q

SSL/TLS inspection

A

Secure Sockets Layer/Transport Layer Security
Commonly used to examine outgoing SSL/TLS

13
Q

API

A

Application Programming Interface

Mechanisms that enable two software components to communicate with each other using a set of definitions and protocols

14
Q

Honeypots

A

Makes an attractive site for attackers and traps them there

15
Q

Honeynets

A

More than one honeypot on a network

16
Q

Telemetry

A

Data collected from a network environment that can be analyzed to monitor the health and performance, availability, and security of the network and its components

Can be fake

17
Q

DNS sinkhole

A

A DNS that hands out incorrect IP addresses
Can be used for good or bad

18
Q

MSP/MSSP

A

Managed service providers - A cloud service provider
Not all cloud service providers are MSPs
Network connectivity management
Backups and disaster recovery
Growth management and planning

Managed Security Service Provider – Firewall management, Patch management, security audits
Emergency response

19
Q

Fog Computing

A

Decentralized computing infrastructure where the computing resources (e.g., applications) are placed between the cloud and data source

20
Q

Edge computing

A

Distributed computing paradigm that brings computation and data storage closer to the sources of data.

Supposed to improve response times and save bandwidth.

Moves computer storage and processing (now often just called “compute”) to the edge of the network. This is where it is closest to users and devices and most critically, as close as possible to data sources

It is an architecture rather than a specific technology

Examples of edge use cases include self-driving cars, autonomous robots, smart equipment data and automated retail.

21
Q

Thin client

A

A simple computer that has been optimized for establishing a remote connection with a server-based computing environment

Typically managed remotely with limited input from the end user

A computer that has no processing power

22
Q

Container

A

Contains everything you need to run an application like code and dependencies
A standardized unit of software

23
Q

Microservices/API

A

Monolithic applications
One big application that does everything

24
Q

Serverless architecture

A

A way to build and run applications and services without having to manage infrastructure.

Cloud based

25
Q

Service Integration and Management (SIAM)

A

An approach to managing multiple suppliers of services and integrating them to provide a single business-facing IT organization

26
Q

Transit Gateway

A

Network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks

27
Q

SDN (Software Defined Networking)

A

Infrastructure as code.

An approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network

Dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth,

28
Q

Elasticity

A

Increase or decrease available resources as the workload changes

29
Q

Scalability

A

The ability to increase the workload in a given infrastructure

30
Q

Open Web Application Security Project (OWASP)

A

Worldwide nonprofit organization that focuses on improving software security.

31
Q

Attestation

A

A claim that the data presented in the report is valid by digitally signing it using the TPM’s private key

A mechanism for software to prove its identity. The goal of attestation is to prove to a remote party that your operating system and application software are intact and trustworthy

32
Q

HMAC-based one-time password (HOTP)

A

Hashed Message Authentication Code

An event-based OTP algorithm that uses a shared secret key and an event counter

33
Q

Token

A

Physical or digital device that provides two-factor authentication (2FA) for a user to prove their identity in a login process

Additional authentication tools that allow one to prove identity electronically

34
Q

Static Code Analysis

A

Method of computer program debugging that is done by examining the code without executing the program

Identifies defects before you run a program…finds buffer overflows effectively

35
Q

Gait Analysis

A

An assessment of the way the body moves, usually by walking or running, from one place to another

36
Q

Network Interface Card (NIC) teaming

A

Hardware component, typically a circuit board or chip, which is installed on a computer so it can connect to a network.

Teaming: The process of combining multiple network cards together for performance, load balancing, and redundancy reasons.

37
Q

Storage Area Network (SAN)

A

Specialized, high-speed network that provides network access to block level storage

A high-speed network that provides multiple servers access to consolidated pools of shared, block-level storage

38
Q

Full Backup

A

Copies all source files and folders every time you run the backup, regardless of whether the source files have been changed since the last backup

39
Q

Incremental Backup

A

Starts with a full backup. It backs up anything that has changed since the last full or incremental backup

40
Q

Differential Backup

A

Backs up anything that has changed since the last full backup

41
Q

Snapshot

A

The state of a system at a particular point in time

42
Q

Tape backup

A

The practice of periodically copying data from a primary storage device to a tape cartridge so the data can be recovered if there is a hard disk crash or failure

43
Q

Disk Backup

A

Data backup and recovery method that backs data up to hard disk storage

44
Q

Network Access Control (NAC)

A

The set of rules, protocols, and processes that govern access to network-connected resources

Can be configured on your network devices to deny access to clients that don’t have the latest antivirus signatures or that are running an older version of their operating system

An approach to computer security that attempts to unify endpoint security technology (such as anti-virus, HIP, and vulnerability assessment), user or system authentication, and network security enforcement. When a remote workstation connects to the network, NAC will place it into a segmented portion of the network (sandbox), scan it for malware and validate its security controls, and then based on the results of those scans, either connect it to the company’s networks or place the workstation into a separate quarantined portion of the network for further remediation

45
Q

Persistence

A

When an attacker discreetly maintains long-term access to systems despite disruptions such as restarts or changed credentials

46
Q

Non-persistent

A

Stateless. Environment is always in motion, and application instances can be created, changed, or removed at any time. Desktop state is automatically destroyed at regular intervals. Depending on company policy, it could be at each logoff, every night, or even once a week. Nothing is saved

If you shut down a computer and all your data remains as-is on the hard drive, you have persistence. If you shut down a computer and all the contents of its memory are erased, that’s non-persistence. With the growth of automation and public cloud, non-persistence has become more important. With non-persistence, you can more easily automate

Non-persistent system components and services are activated as required using protected information and terminated periodically or at the end of sessions.

47
Q

Raspberry Pi

A

Small single-board computer

Microcomputer

48
Q

Field-programmable gate array (FPGA)

A

Integrated circuit designed to be configured by a customer or a designer after manufacturing

Programmable device…used within embedded systems

Electronic component used to build reconfigurable digital circuits

49
Q

Arduino

A

Open-source electronics platform based on easy-to-use hardware and software

Refers to an open-source electronics platform or board and the software used to program it

A little computer you can program to do things

50
Q

SCADA

A

Supervisory Control and Data Acquisition - Type of ICS (Industrial Control System) that manages large-scale, multi-site devices and equipment spread over a geographic region.

Commonly used in manufacturing companies

51
Q

IoT

A

Internet of Things - Group of objects, and they could be electronic or not, and they all have to be connected to the wider Internet by using embedded electronic components
Ex. Smart watch, thermostat, smart refrigerator

52
Q

VoIP

A

Digital phone service provided by software or hardware devices over a data network.

Technology that allows you to make voice calls using a broadband Internet connection instead of a regular (or analog) phone line

Cheaper than PBX, more secure, takes a lot of bandwidth, becoming the replacement for PBX

53
Q

MFD

A

Multi-Function Device - device that performs a variety of functions otherwise carried out by separate devices
Ex. All in one printer (MFP, Multi-Function Printer)

54
Q

RTOS

A

Real-time operating system - Operating system for real-time applications that processes data and events that have critically defined time constraints

OS that guarantees real-time applications a certain capability within a specified deadline

55
Q

Baseband Processor

A

Chip in a smartphone, tablet or other device that helps convert digital data into radio frequency signals (and vice-versa) which can then be transmitted over a RAN (Radio Access Network).

Manages all the wireless radio functions of a cellular device

56
Q

Zigbee

A

Standards-based wireless technology developed to enable low-cost, low-power wireless machine-to-machine (M2M) and internet of things (IoT) networks

57
Q

Access control vestibules/Man-trap

A

Part of a physical access control system that typically provides a space between two sets of interlocking doors

One set of the doors must close before the other one can be opened

Ex. Subway turnstile

58
Q

Two-person integrity/control

A

TPI - form of Separation of Duties where the presence or action of two people is required to complete a specific task or action

59
Q

Faraday cages

A

Enclosure used to block electromagnetic fields

60
Q

Air Gap

A

Physical separation that will require manual transport of files, patches, and other data between 2 environments.

Security measure that involves physically isolating a computer or network and preventing it from establishing an external connection

61
Q

Screened subnet (DMZ zone)

A

Perimeter network that protects an organization’s internal local area network (LAN) from untrusted traffic

Network architecture where a single firewall is used with three network interfaces

62
Q

Hot aisle/Cold aisle

A

Lining up server racks in alternating rows with cold air intakes facing one way and hot air exhausts facing the other

63
Q

Key stretching

A

Used in Cryptography to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources (time and possibly space) it takes to test each possible key.

Converting a password to a longer and more random key for cryptographic purposes such as encryption.

64
Q

ECC

A

Elliptic Curve Cryptography – key-based technique for encrypting data. Small key size but is still very secure
Used a lot in mobile devices. Asymmetric

Focuses on pairs of public and private keys for decryption and encryption of web traffic

Based on the algebraic structure of elliptic curves over finite fields.

65
Q

Perfect forward secrecy

A

A style of encryption that enables short-term, private key exchanges between clients and servers

Produces temporary private key exchanges between clients and servers. For every individual session initiated by a user, a unique session key is generated. If one of these session keys is compromised, data from any other session will not be affected.

66
Q

Quantum Computing

A

A computer that uses quantum mechanics to generate and manipulate quantum bits known as qubits in order to access enormous processing power

Harnesses the laws of quantum mechanics to solve problems too complex for classical computers.

66
Q

Post-quantum cryptography

A

Refers to algorithms thought to have capabilities to secure against an attack by a quantum computer

67
Q

Ephemeral

A

A cryptographic key that is generated for each execution of a key-establishment process and that meets other requirements of the key type

*Diffie-Hellman

68
Q

Block Chain

A

A system of recording information in a way that makes it difficult or impossible to change, hack, or cheat the system
*Public ledger

Peer to peer. The longer the blockchain usually the more secure

69
Q

Cipher suite

A

A set of algorithms that help secure a network connection

70
Q

Stream cipher

A

Symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream

Encryption technique that works byte by byte to transform plain text into code that’s unreadable to anyone without the proper key

Convert plaintext to ciphertext 1 byte at a time

71
Q

Block cipher

A

Symmetric. Takes a block of plaintext bits and generates a block of ciphertext bits, generally of the same size

Block ciphers transform plaintext 1 block (64/128/256 bits) at a time

Slower than stream cipher

72
Q

Symmetric

A

The use of a single shared secret to share encrypted data between parties

Uses the same shared key for encryption and decryption

Uses a public-private key pair where one key is used to encrypt and the other to decrypt

Shared keys. Same Key = Symmetric. 1 key between 2 people

73
Q

Asymmetric

A

One key is used to encrypt and another is used to decrypt

2 separate keys

Uses private keys to decrypt and Public keys to encrypt…Public Keys can be shared but private keys can’t

The encryption key (also called the public key) and the corresponding decryption key (also called the private key) are different

74
Q

Lightweight cryptography

A

Encryption method that features a small footprint and/or low computational complexity

Designed for resource-constrained devices

75
Q

Steganography

A

The practice of hiding a secret message inside of (or even on top of) something that is not secret

The practice of hiding an image, message, or file within something that isn’t a secret

Hiding messages and data

76
Q

Homomorphic encryption

A

Enables complex mathematical operations to be performed on encrypted data without compromising the encryption

The conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form

Encryption method that allows calculations to be performed on data without decrypting it first

77
Q

Use cases

A

An attack scenario that a security control, policy, or guideline is intended to prevent or mitigate

Map with a detailed listing of steps that clearly explain when, what, and how to use a particular product, service, or system

78
Q

Entropy

A

Used to produce random numbers, which in turn are used to produce security keys to protect data while it’s in storage or in transit

The randomness collected by a system for use in algorithms that require random seeds. A lack of good entropy can leave a crypto system vulnerable and unable to encrypt data securely

The measure of unpredictability of information contained in a message

The measuring of randomness