Domain 3 Security Architecture Flashcards
An organization leverages both on-premises data centers and cloud services to host its applications and data. What security considerations are typically associated with a hybrid architecture?
Integration of on-premises and cloud security controls is crucial.
When engaging third-party vendors for security services or products, what should be a primary concern to ensure the security of an organization’s information assets?
The security practices and measures implemented by the vendor.
A company that has adopted a microservices architecture, what security challenge might arise during the development and deployment of new features?
Rapid development cycles leading to potential oversight of security best practices
When designing a security architecture with a high emphasis on availability, what is a key consideration regarding system redundancy?
Implementing redundant systems in geographically diverse locations
An organization decides to purchase cyber insurance to transfer the financial risk associated with a potential data breach, what risk management strategy is being employed?
Risk transference
What is a primary security advantage of adopting an on-premises infrastructure?
Enhanced control over the physical security of the infrastructure
When comparing centralized and decentralized security architectures, what is a potential drawback of a centralized model?
Increased susceptibility to a single point of failure.
When implementing the principle of security through obscurity, what practice should be avoided?
Using default configurations for critical systems
In a healthcare organization, there is a need to safeguard patient records and comply with privacy regulations. What type of data is the organization primarily concerned with protecting?
Regulated data
In a financial institution, customer account details and transaction records need protection due to regulatory requirements. What data classification level would likely be assigned to this type of information?
Confidential
In a government agency, there is a need to handle information related to national security. What data classification level would likely be assigned to this type of sensitive information?
Top Secret
In a corporate environment, the employee handbook and internal policies need to be shared with all employees. What data classification level would likely be assigned to these documents?
Public
A multinational corporation is expanding its operations to comply with data sovereignty requirements in various countries. What does the company need to consider when addressing data sovereignty concerns?
Ensuring the physical location of data centers complies with local regulations
Which encryption method uses the same key for both encryption and decryption processes and is commonly used for securing communication channels?
Symmetric encryption
An organization uses a cloud-based collaboration platform for employees to work on projects. What security measure should be emphasized to protect data in use on this platform?
Using role-based access controls within the platform
A cyber-security professional is implementing a password storage system that should securely store user passwords. What cryptographic technique is suitable for this purpose to protect against unauthorized access to the actual passwords?
Hashing
A company is implementing data masking to protect personally identifiable information (PII) in a non-production environment. What is the primary purpose of data masking in this scenario?
Protecting data confidentiality
A database administrator is concerned about protecting passwords stored in a database from unauthorized access. In addition to hashing, what additional technique should be implemented to enhance security?
Salting
What is the primary goal of a security token in a multi-factor authentication (MFA) system?
To provide a second factor of authentication
You are a developer working on a web application that processes user input and stores it in a database. How do you ensure that the application is protected against SQL injection attacks?
Use parameterized queries or prepared statements.