Domain 3: (Security Architecture and Engineering) Flashcards
What treats user identity as the control plane and assumes compromise/breach in verifying every request?
Zero Trust Security
What represents a default config that reflects a restrictive and conservative enforcement of security policy?
Secure Defaults
What indicates that components should fail in a state that denies rather than grants access?
Fail Securely
What are the secure design principles?
Secure Defaults
Fail Securely
Zero Trust Security
Keep it Simple
What was created by the IAPP and represents making privacy an integral part of every system, technology, policy, and design process?
Privacy by Design
What are the seven principles of privacy by design by IAPP?
Proactive
Privacy as the default setting
Privacy must be embedded in the design
Privacy should be a positive-sum approach
End-to-end, full-lifecycle data protection
Visibility and transparency
Keep privacy user-centric
What represents a cloud provider concept in which security is provided to an org through or by an online entity?
Security-as-a-Service
What represents a class of devices connected to the internet in order to provide automation, remote control, or AI processing in a home or business setting?
Internet of Things
What represents mobile devices that offer customization options, typically through installing apps and may use on-device or in-the-cloud AI processing?
Smart Devices
What represents a system that collects data from other sources on the network, provides real-time monitoring, traffic analysis & notification of potential attacks?
SIEM
Security Information and Event Management
What represents a centralized alert and response automation with threat-specific playbooks?
SOAR
Security Orchestration, Automation, & Response
What is the creation of discrete services that may be accessed by users in a black box fashion?
SOA
Service Oriented Architecture
What are fine-grained services, each with a discrete function, that are a modern adaptation of SOA to cloud computing?
Microservices
What should be identified early in the development lifecycle?
Code-level vulnerabilities
What techniques should be incorporated early in the CI/CD process to identify deficiencies before release?
Static code analysis
Dynamic testing
What represents a lightweight, granular, and portable way to package apps for multiple platforms, where the packages don't carry their own operating system?
Containerization
What reduces overhead of server virtualization by enabling containerized apps to run on a shared OS kernel?
Containerization
What is a set of exposed interfaces that allow programmatic interaction between services?
APIs
What uses the HTTPS protocol for web communications to offer API endpoints?
REST
What must be done prior to storing, distributing, and transmitting access keys?
Encryption
What is an embedded system?
The technology component of an IoT device
A full computer system embedded inside of another larger system
What are examples of embedded systems?
Printers, GPS, drones, semi-autonomous vehicles
What must you consider when dealing with embedded devices to ensure they meet security best practices?
Authentication practices
What represents an alternative to the client-server computing model for compute-intensive operations with large data sets?
HPC
High Performance Computing