Domain 2.0: Architecture & Design

Question 1

Recovery sites can be hot, warm or cold. explain the difference

Answer 1

hot site: is an operational ready-to-go data center; it has the fastest recovery time and highest cost
cold site: longer recovery window with a lower cost
warm site is a compromise

Question 2

_____ and ____ are used to study the actions of hackers and distract them from more valuable data

Answer 2

honeypots/honeynets

Question 3

An ____ is a combination of hardware and software/firmware that is attached to or contained inside a computer to provide cryptographic functions for tamper protection and increased performance

Answer 3

HSM (hardware security module)

Question 4

____ is a way of detecting and preventing confidential data from being exfiltrated physically or logically from an organization by accident or on purpose

Answer 4

DLP (data loss prevention)

Question 5

a ____ cloud provides shared resources over the Internet

Answer 5

public

Question 6

3 common public cloud models are SaaS, PaaS and IaaS. explain the difference

Answer 6

SaaS: involves the delivery of a licensed application to customers over the Internet for use as a service on demand
PaaS: delivery of a computing platform, often an operating system with associated services, over the Internet without downloads or installation
IaaS: involves the delivery of computer infrastructure in a hosted service model over the Internet

Question 7

a _____ is a software or hardware layer program that permits the use of many instances of an operating system or instances of different operating systems on the same machine, independent of each other

Answer 7

hypervisor

Question 8

a Type __ native or bare-metal hypervisor is software that runs directly on a hardware platform

Answer 8

Type I

Question 9

a Type __, or hosted, hypervisor is software that runs within an operating system environment

Answer 9

Type II

Question 10

_____ is based on the capability to handle the changing needs of a system within the confines of the current resources

Answer 10

Scalability

Question 11

______ is the capability to expand and reduce resources as needed at any given point in time

Answer 11

elasticity

Question 12

____ is a method for organizations to manage network services through a decoupled underlying infrastructure, allowing quick adjustments to changing business requirements

Answer 12

SDN

Question 13

_____ clouds consist of workloads deployed across subnets within one or more isolated availability zones that make up the VPC deployed within a geographic region

Answer 13

IAAS

Question 14

an ____ transit gateway allows for the connection of on-premise networks to cloud-hosted networks

Answer 14

IaaS

Question 15

a ____ is implemented to monitor event and application logs, port access, and other running processes

Answer 15

HIDS

Question 16

_____ factors are something you are, something you have, something you know, somewhere you are, and something you do

Answer 16

authentication

Question 17

_____, such as iris scans and fingerprints, are examples of physical access controls

Answer 17

biometrics

Question 18

____ is presenting credentials or keys; ____ is verifying presented credentials

Answer 18

identification, authentication

Question 19

the ____ algorithm relies on a shared secret and a moving factor or counter, which is the current time

Answer 19

TOTP

Question 20

the ____ algorithm relies on a shared secret and a moving factor or counter

Answer 20

HOTP

Question 21

this combo is the most common form of authentication

Answer 21

password and username

Question 22

_____-_____ authentication is a strong form requiring possession of the token item

Answer 22

token based

Question 23

____ lockouts prevents brute-force attacks

Answer 23

password lockout

Question 24

formal backup types include ___, ______, and _____. in addition, snapshots and copies meet requirements for certain backup use cases

Answer 24

full, incremental and differential

Question 25

a ____ backup includes all data that has changed since the last full backup, regardless of whether or when the last differential backup was made. it does not reset the archive bit

Answer 25

differential backup

Question 26

a _____ backup never requires more than 2 backups for restore operations (the last full backup and the latest differential backup)

Answer 26

differential

Question 27

an _____ backup includes all the data that has changed since the last _____ backup. it does reset the archive bit

Answer 27

incremental

Question 28

an _____ backup requires the last full backup and every ____ backup since the last full backup

Answer 28

incremental

Question 29

with _____ disks and a _____ scheme, a system can stay up and running when a disk fails, as well as during the time the replacement disk is being installed and data is being restored

Answer 29

multiple, RAID

Question 30

_____ organizes multiple disks into a large, high-performance logical disk. describe the popular types of _____

Answer 30

RAID RAID 0: striped disk array without fault tolerance RAID 1: mirroring and duplexing RAID 5: independent data disks with distributed parity blocks RAID 10: RAID 1 and RAID 0; requires a minimum of 4 disks

Question 31

_____ solutions address security requirements such as visibility, data protection, threat protection, and compliance across public cloud services

Answer 31

CASB

Question 32

Network ____ _____ are servers configured in a cluster to provide scalability and high availability

Answer 32

load balancers

Question 33

common physical _____ controls include motion detectors, CCTV monitors, and alarms

Answer 33

detective

Question 34

an access control ______ is a holding area between two entry points in which one door cannot be unlocked and opened until the other door has been closed and locked

Answer 34

vestibule

Question 35

with ____ systems, overcooling causes condensation on equipment and too dry environments lead to excessive static

Answer 35

HVAC

Question 36

this is what a sprinkler system is called _______________________ while this system has pipes filled with pressurized air instead of water

Answer 36

wet-pipe fire-suppression system dry pipe systems

Question 37

list the different fire classes and suppression remedies

Answer 37

class a: (trash, wood, and paper), water class b: (flammable liquids, gases, and grease), foam class c: (energized electrical equipment, electrical fires, and burning wires), carbon dioxide based extinguishers class d: (combustible metals), sodium chloride and copper-based dry powder

Question 38

purpose of ____: is to make physical access difficult by enclosing equipment and to make electronic access difficult by using different cables and patch panels

Answer 38

PDS

Question 39

purpose of ____: is to make physical access difficult by enclosing equipment and to make electronic access difficult by using different cables and patch panels

Answer 39

PDS

Question 40

data centers and server farms use ____ ____ facing opposing directions. fan intakes draw in cool air vented to racks facing the cold aisle, and then fan output of hot air is vented to the alternating hot aisles for removal from the data center

Answer 40

alternating rows

Question 41

____ shielding seeks to reduce electronic signals that leak from computer and electronic equipment. the shielding can be local, can cover an entire room or can cover a whole building. two types are _____ shielding and ______ cages

Answer 41

EMI TEMPEST shielding, faraday cages

Question 42

cryptographic tech provides for ___, ____, ____, and authentication

Answer 42

confidentiality, integrity, nonrepudiation, authentication

Question 43

exchanging keys often happens securely ______ during the need to establish a secure session. any type of out of band key exchange relies on having been shared in ____

Answer 43

in band, advance

Question 44

encryption can be applied to ____ ___ which includes data at rest, transit and in use

Answer 44

data state

Question 45

____ refers to the level of change from the plaintext input to the ciphertext output, which should be significant

Answer 45

confusion

Question 46

______ ensures that any change, even minor, to the plaintext input results in significant change tot he ciphertext output

Answer 46

diffusion

Question 47

_____ key algorithms depend on a shared single key for encryption and decryption. examples: DES, 3DES, RC5, and AES

Answer 47

symmetric

Question 48

____ key algorithms use a public key for encryption and a private key for decryption. examples: RSA, Diffie-Hellman, El Gamal, and elliptic curve cryptography standards

Answer 48

asymmetric

Question 49

______ ensures proof of origin, submission, delivery and receipt

Answer 49

nonrepudiation

Question 50

_____ ciphers are not as fast, but they encrypt on blocks of a fixed length and have a higher level of diffusion compared to ___ ciphers in which encryption is performed bit by bit

Answer 50

block, stream

Question 51

_____ ____ cryptography is most common in mobile and wireless use cases

Answer 51

elliptic

Question 52

a ____ algorithm uses a mathematical formula to verify data integrity. if ___ values are different, the file has been modified

Answer 52

hashing, hash

Question 53

____ is a substitution cipher. first half of the roman alphabet corresponds to the second half and it is inverse in nature

Answer 53

ROT13

Question 54

after a session is complete, when both sides in the communication process destroy the keys, this is known as ____ ____ _____ or just ____ _____

Answer 54

perfect forward secrecy, forward secrecy

Question 55

_____ ___ agreement protocols such as DHE and ECDHE provide perfect forward secrecy

Answer 55

ephemeral key

Question 56

____ and ____ are key derivation functions (KDFs) that are primarily used for key stretching, which provides a means to stretch a key or password, making an existing key or password stronger

Answer 56

Bcrypt, PBKDF2

Question 57

_____ are igital ledgers with transactions grouped into cryptographically linked blocks

Answer 57

blockchains