Domain 2.0: Architecture and Design Flashcards

1
Q

Types of recovery sites

A

Hot site - operational, ready-to-go data center. Fastest recovery and highest cost.

Cold backup site is the opposite. Longest recovery window with lower cost.

Warm site is a compromise of both.

2
Q

Honeypot and Honeynet

A

Used to study actions of hackers and distract them from more valuable data

3
Q

HSM

A

Hardware security module is a combination of hardware and software/firmware that is attached to or contained inside a computer to provide cryptographic functions for tamper protection and increased performance.

4
Q

Type II hypervisor

A

Software that runs within an operating system environment. It’s also called a hosted hypervisor.

5
Q

DLP

A

Data Loss Prevention is a way of detecting and preventing confidential data from being exfiltrated physically or logically from an organization by accident or on purpose.

6
Q

Public cloud

A

Provides shared resources over the Internet

7
Q

Public Cloud models

A

SaaS, PaaS, IaaS

8
Q

SaaS

A

Software as a Service involves the delivery of a licensed application to customers over the Internet for use as a service on demand

9
Q

PaaS

A

Platform as a Service involves delivery of a computing platform, often an operating system with associated services, over the Internet without downloads or installation.

10
Q

IaaS

A

Infrastructure as a Service involves delivery of computer infrastructure in a hosted service model over the Internet.

11
Q

Hypervisor

A

Software or hardware layer program that permits the use of many instances of an operating system or instances of different operating systems on the same machine, independent of each other

12
Q

Type I native

A

Software that runs directly on a hardware platform. It’s also known as a bare-metal hypervisor.

13
Q

Scalability

A

Based on capability to handle the changing needs of a system within the confines of the current resources.

14
Q

Elasticity

A

Capability to expand and reduce resources as needed at any given point in time

15
Q

SDN

A

Software-defined networking is a method for organizations to manage network services through a decoupled underlying infrastructure, allowing quick adjustments to changing business requirements.

16
Q

IaaS clouds

A

Consists of workloads deployed across subnets within one or more isolated availability zones that make up the VPC (virtual private cloud) deployed within a geographic region.

17
Q

IaaS transit gateway

A

Allows for connection of on-premises networks to cloud-hosted networks

18
Q

HIDS

A

Host Intrusion Detection System is implemented to monitor event and application logs, port access, and other running processes.

19
Q

Authentication factors

A

Something you are

Something you have

Something you know

Somewhere you are

Something you do

20
Q

Biometrics

A

Iris scans and fingerprints are examples of physical access control

21
Q

Identification

A

Presenting credentials or a key

22
Q

Authentication

A

Verifying presented credentials

23
Q

TOTP algorithm

A

Relies on a shared secret and a moving factor or counter, which is the current time

24
Q

HOTP algorithm

A

Relies on a shared secret and a moving factor or counter.

25
Q

Username and password

A

The most common form of authentication

26
Q

Token-based authentication

A

Strong form requiring possession of the token item

27
Q

Biometric authentication

A

Uses parts of the human body for authentication

28
Q

How are brute-force attacks prevented?

A

Password lockouts

29
Q

Formal Backup types

A

Full, incremental and differential. Also, snapshots and copies meet requirement for certain backup use cases.

30
Q

Differential backup

A

Includes all data that has changed since the last full backup, regardless of whether or when the last differential backup was made. It does not reset the archive bit.

31
Q

Differential backup requires how many backups?

A

Two – last full backup and latest differential backup.

32
Q

Incremental backup

A

Includes all data that has changed since the last incremental backup. It does reset the archive bit.

33
Q

Incremental backup requires how many backups?

A

Last full backup and every incremental backup since the last full backup.

34
Q

How do multiple disks and a RAID scheme help?

A

A system can stay up and running when a disk fails, as well as during the time the replacement disk is being installed and data is being restored.

35
Q

RAID

A

Redundant Array of Independent Disks organizes multiple disks into large, high-performance logical disks

36
Q

Types of RAID

A

RAID 0 - Striped disk array without fault tolerance

RAID 1 - Mirroring and Duplexing

RAID 5 - Independent data disks with distributed parity blocks

RAID 10 - RAID 1 and RAID 0; requires a minimum of four disks

37
Q

CASB

A

Cloud Access Security Broker is a solution that addresses security requirements such as visibility, data protection, threat protection and compliance across public cloud services.

38
Q

Network load balancers

A

Servers configured in a cluster to provide scalability and high availability.

39
Q

Common physical detective controls typically include what?

A

Motion detectors, CCTV monitors and alarms.

40
Q

Access control vestibule is what?

A

Holding area between two entry points in which one door cannot be unlocked and opened until the other door has been closed and locked.

41
Q

What two issues can occur with HVAC systems?

A

Overcooling causes condensation on equipment.

A too-dry environment leads to excessive static.

42
Q

Two types of fire suppression systems

A

Wet-pipe fire suppression systems use water to suppress fire.

Dry-pipe systems work in exactly the same way as wet-pipe systems except that the pipes are filled with pressurized air instead of water.

43
Q

Fire classes and suppression remedies

A

Class A fires (trash, wood and paper) -> Water decreases the fire’s temperature and extinguishes its flames.

Class B fires (fueled by flammable liquids, gases and grease) -> Foam is used to extinguish class B fires.

Class C fires (energized electrical equipment, electrical fires and burning wires) are put out using extinguishers based on carbon dioxide.

Class D fires involve combustible metals. The extinguishing agents for class D fires are sodium chloride and a copper-based dry powder.

44
Q

What is PDS and its purpose?

A

A Protected Distribution System makes physical access difficult by enclosing equipment and makes electronic access difficult by using different cables and patch panels.

45
Q

Data centers and server farms make use of alternating rows facing opposing directions. Why?

A

Fan intakes draw in cool air vented to racks facing the cold aisle, and then fan output of hot air is vented to the alternating hot aisles for removal from the data center.

46
Q

EMI shielding

A

Seeks to reduce electronic signals that “leak” from computer and electronic equipment. The shielding can be local, can cover the entire room or can cover the whole building. Two types are TEMPEST shielding and Faraday cages.

47
Q

Cryptographic technology provides what?

A

Confidentiality, integrity, nonrepudiation and authentication

48
Q

Exchanging key

A

Often happens securely “in band” when there is a need to establish a secure session. Any type of out-of-band key exchange relies on the key having been shared in advance.

49
Q

Encryption can be applied to data state which includes the following:

A

Data at rest
Data in transit
Data in use

50
Q

Confusion refers to what?

A

Level of change from plaintext input to the ciphertext output which should be significant.

51
Q

Diffusion would ensure what?

A

Any change, even minor, to the plaintext input results in significant change to the ciphertext output.

52
Q

Symmetric Key Algorithm

A

It depends on a single shared key for encryption and decryption.

53
Q

What are examples of symmetric key algorithms?

A

DES, 3DES, RC5 and AES

54
Q

Asymmetric key algorithms

A

Uses a public key for encryption and a private key for decryption.

55
Q

What are examples of asymmetric key algorithms?

A

RSA, Diffie-Hellman, El Gamal, and elliptic curve cryptography standards.

56
Q

Nonrepudiation

A

Ensures proof of origin, submission, delivery and receipt.

57
Q

Block ciphers

A

They are not as fast, but they encrypt on blocks of fixed length and have a higher level of diffusion compared to stream ciphers, in which encryption is performed bit by bit.

58
Q

What is elliptic curve cryptography used mostly in?

A

Mobile and wireless use cases

59
Q

Hashing algorithm

A

Mathematical formula to verify data integrity. If hash values are different, the file has been modified.

60
Q

What type of cryptographic technology should be used in implementations?

A

Proven and well-known cryptographic technologies

61
Q

ROT13

A

It is a substitution cipher. The first half of the Roman alphabet corresponds to the second half, and it is inverse in nature.

62
Q

What is perfect forward secrecy?

A

After a session is complete, when both sides in the communication process destroy the keys.

It is also known as just forward secrecy.

63
Q

Ephemeral key agreement protocol

A

They provide perfect forward secrecy. DHE and ECDHE are examples of this.

64
Q

Bcrypt and PBKDF2 are what?

A

Key derivation functions (KDFs) that are primarily used for key stretching, which provides a means to “stretch” a key or password, making an existing key or password stronger.

65
Q

Blockchains

A

Digital ledgers with transactions grouped into cryptographically linked blocks

66
Q

Adding a salt would prevent what?

A

Rainbow table attack on password hashes.