Domain 3: Explain the importance of resilience and recovery in security architecture Flashcards

1
Q

High Availability

A

A high-availability infrastructure is designed not only to withstand relentless cyberattacks but also has the technical sophistication to autonomously detect, mitigate, and heal vulnerabilities in real time.

2
Q

Least Utilized Host

A

The load balancer monitors the health of all web servers within the server farms and identifies the least utilized host (that is, the host with the lightest current workload) using a smart scheduling algorithm. This method is effective for applications where server load varies, and the goal is to optimize resource utilization.

3
Q

DNS round robin

A

With DNS round robin, when the request comes in, the load balancer contacts the DNS server and rotates requests starting with the IP address that has the lowest number first. It rotates through Web 1, Web 2, and Web 3, and then keeps the sequence going by going back to Web 1 on a rotational basis, as illustrated by Figure 13.2:

4
Q

Affinity

A

Affinity is a technique in which the load balancer directs requests from the same client to the same backend server for the duration of a session. The client is identified by their IP address or another session attribute. When the load balancer is set to “Affinity”, the request is sent to the same web server based on the requester’s IP address. This is also known as session persistence or a sticky session, where the load balancer uses the same server for the session.

5
Q

active/active load balancer configuration

A

Load balancers function together as a dynamic array, actively managing incoming traffic. The configuration can include multiple load balancers and there must be at least two. They not only distribute traffic but also cache requests for enhanced efficiency. An interesting feature is that if a user returns to a website for a subsequent visit, they are directed to the same load balancer that handled their initial request.

6
Q

active/passive load balancer configuration

A

This configuration has one active load balancer and one or more passive load balancers. The active node is responsible for actively load-balancing incoming requests. Simultaneously, the passive node or nodes operate in standby mode, constantly monitoring the active node’s health and status. Should the active node encounter a failure or become unavailable, a passive node seamlessly takes over, ensuring uninterrupted service.

7
Q

Downtime

A

Time during which production is stopped, especially during setup for an operation or when making repairs.

8
Q

Clustering

A

Clustering involves grouping multiple servers or nodes together to operate as a single system. Clustering involves an active node and a passive node that share a common quorum disk, reinforced by a witness server, heartbeat communication, and a VIP at the forefront.

9
Q

Quorum Disk

A

The quorum disk is a shared storage resource that members of the cluster share. It acts as a neutral arbiter, storing critical configuration and state information that both the active and passive nodes access. This shared resource serves as the backbone of decision-making within the cluster.

10
Q

Witness server

A

Adding an additional layer of reliability, the witness server is an impartial entity that assists in determining the state of the cluster. The witness server helps prevent split-brain scenarios and ensures that the cluster operates smoothly.

11
Q

Heartbeat communication

A

Communication between the active and passive nodes is facilitated through a heartbeat mechanism. This heartbeat—analogous to the rhythmic pulse of a living organism—involves regular exchanges of status updates, or a “node heartbeat.” The passive node continuously monitors the active node’s heartbeat. If it detects an absence or irregularity in the node heartbeat, it knows that the active node has failed.

12
Q

Virtual IP (VIP)

A

At the forefront of the clustering setup is the VIP. It’s the public-facing interface of the cluster, acting as the entry point for external requests. The VIP ensures that even if the active node experiences any failures, the cluster remains accessible to users without disruption.

13
Q

Hot site

A

A hot site is the best site for rapid recovery. It is a fully operational site that mirrors your primary data center or infrastructure. This site is up and running with staff loading data into the systems immediately as it is replicated. This immediate response capability makes hot sites the most expensive option to maintain but also the fastest to recover from downtime.

14
Q

Warm site

A

A warm site is fully functional, but data synchronization typically lags behind that of a hot site. Data may be sent to the warm site by courier or other means, resulting in a delay of 3–4 hours compared to the primary site. This setup allows for a reasonably swift recovery while being more cost-effective than a hot site.

15
Q

Cold site

A

Where the budget is very limited, a cold site presents an economical choice. Unlike hot and warm sites, a cold site is essentially an empty shell. It provides essential infrastructure, such as a power and water supply, but lacks staff, equipment, and data.

16
Q

Geographic dispersion

A

Geographic dispersion involves the strategic distribution of data centers, servers, and critical infrastructure across different geographical locations, often separated by significant distances. The primary objective is to enhance resilience by reducing the risk of a single point of failure.

17
Q

Local Redundant Storage (LRS)

A

In LRS, three copies of your data are replicated within a single physical location or data center.

18
Q

Zone Redundant Storage (ZRS)

A

ZRS takes redundancy a step further by replicating data between three separate availability zones within your primary cloud region.

19
Q

Availability Zone

A

Availability zones have independent power, cooling, and networking infrastructure. They’re designed so that if one zone experiences an outage, then regional services, capacity, and high availability are supported by the remaining zones.

20
Q

GEO Redundant Storage (GRS)

A

Similarly to LRS, GRS offers robust redundancy by creating three copies of your data within a single physical location in the primary region. However, GRS takes this a step further by also storing one copy of the data in a secondary region, often located at a considerable geographical distance. This approach provides protection against regional disasters while maintaining high availability within the primary region.

21
Q

GEO Zone Redundant Storage (GZRS)

A

GZRS combines the benefits of ZRS and GRS. It replicates data between three separate availability zones within your primary region and one copy to a secondary region, ensuring both regional and zone-level redundancy. This comprehensive approach maximizes data resilience and availability.

22
Q

Data sovereignty

A

Data sovereignty regulations in various countries dictate where data can be stored and processed.

23
Q

Continuity of Operations (COOP)

A

COOP is a comprehensive strategy that enables organizations to continue essential functions and services during and after disruptive events.

24
Q

COOP Includes

A

Resilience and redundancy: COOP aims to build resilience into an organization’s infrastructure, systems, and processes. This includes redundancy in critical systems, data backups, and alternate communication methods. The goal is to reduce single points of failure.
Communication plans: Effective communication is vital during a crisis. COOP includes well-defined communication plans that ensure information flows smoothly within the organization and to external stakeholders. This helps maintain trust and transparency during challenging times.
Personnel preparedness: COOP involves training personnel to carry out their roles during disruptions. This includes cross-training, developing clear responsibilities, and ensuring that key personnel are available, even during emergencies. Organizations simulate disruptions to evaluate their ability to execute the plan and make improvements as necessary.
Review and updates: Regular reviews and updates are essential to keep the plan aligned with current risks and organizational changes.

25
Q

Capacity Planning

A

Capacity planning is a strategic process that organizations use to ensure they have the right resources (including personnel, technology, and infrastructure) to meet current and future demands effectively and efficiently.

26
Q

Tabletop exercise

A

A tabletop exercise is a valuable tool for testing your disaster recovery plan in a controlled, hypothetical setting. During this exercise, key stakeholders gather around a table to discuss and strategize how they would respond to a disaster scenario.

27
Q

Failover

A

Failover mechanisms are a testament to resilience in action. They enable the seamless transfer of operations to backup systems or data centers in the event of a system failure or disruption.

28
Q

Simulations

A

Simulations introduce an element of competitiveness and urgency into disaster recovery exercises. The exercise typically involves a white team overseeing and assessing responses based on a predefined disaster scenario from the recovery plan. These drills simulate real-world cyberattacks, enabling organizations to test their incident response plans in a controlled environment.

29
Q

Snapshots

A

Snapshots are copies of virtual machines frozen at a specific point in time.

30
Q

Journaling

A

Journaling meticulously records when files are created, edited, or removed, along with the specifics of these changes.

31
Q

Generators

A

Generators serve as the dependable backup, ensuring that essential systems remain operational, even when the primary power source fails. Generators are safety nets that prevent organizations from plunging into darkness during power outages or disruption.

32
Q

Off-site backups

A

If we are backing up media, we should keep a copy off-site in case of a natural disaster such as a fire or flood.

33
Q

Uninterruptible Power Supply (UPS)

A

A UPS is an electrical device used to provide backup power to connected equipment or devices during power outages or fluctuations in the electrical supply.

34
Q

Power Distribution Units

A

PDUs serve as a frontline defense, effectively mitigating power spikes, blackouts, and brownouts to safeguard your critical equipment and data.

35
Q

Parallel processes

A

Concurrent task execution for optimized performance

36
Q

business partnership agreement (BPA)

A

A BPA is used between two companies who want to participate in a business venture to make a profit. It sets out how much each partner should contribute, their rights and responsibilities, the rules for the day-to-day running of the business, who makes the decisions, and how the profits are shared. It also establishes rules for termination of the partnership, either at a given point in time or if one of the partners dies or is otherwise unable or unwilling to continue their partnership.

37
Q

IPsec packet portions

A

An IPSec packet is formed of two different portions:
Authenticated Header (AH): This feature consists of either SHA-1 or MD5 hashing algorithms, which provide data integrity to ensure the packet has not been tampered with in transit.
Encapsulated Security Payload (ESP): ESP is the part of the IPSec packet in which the data is stored and encrypted using symmetric encryption via DES, 3DES, or AES. It comprises several key elements

38
Q

SSH

A

This is a remote access protocol that replaces Telnet, running commands far more securely than its predecessor. It is commonly used when you want remote access to network devices and can also be used as a command-line tool or in a Graphical User Interface (GUI), though it is not browser-based; in Linux, rather than use a password, SSH keys can be used to establish secure SSH key-based authentication.

39
Q

ESP header

A

ESP adds an additional header to the IP packet. The header contains information necessary for the proper processing of the packet during transmission and reception.

40
Q

Payload Data

A

This is the actual data that is being transmitted and can be any type of network traffic, such as email, web browsing, or file transfers.

41
Q

ESP security Payload

A

ESP is the part of the IPSec packet in which the data is stored and encrypted using symmetric encryption via DES, 3DES, or AES.

42
Q

ESP trailer

A

ESP trailer (optional): This is an optional component that may be added to the end of the payload data for padding or integrity checks.

43
Q

VPNs

A

A VPN server resides within a company’s network, and the client employs specific software to facilitate the connection, all of which takes place over the internet, reducing costs. This VPN setup allows for stringent control over incoming sessions, ensuring that only authorized users can gain access to the network.