Features & Functionality - 3.9 Security Flashcards

1
Q

What is SSL and how is it set for a Magento store?

A
  • The store URLs are set in Stores > Configuration > General > Web > Base URLs and Base URLs (Secure).
  • The Magento portion of going SSL-only involves setting the Base URL to be https://example.com.
  • SSL is important as it encrypts traffic going to and from the merchant’s server.
2
Q

What is PCI-DSS?

A

PCI-DSS (Payment Card Industry Data Security Standard) applies to an organization (the merchant). It covers all aspects of payment security, such as authorized employees, physical and electronic security measures, etc.

3
Q

What is PA-DSS?

A

PA-DSS (Payment Application Data Security Standard) applies to Magento, Inc.’s products and is a component of being PCI compliant.

4
Q

What is patching for in Magento 2?

A
  • Magento releases patches for security vulnerabilities.
  • Magento includes cron scripts to automatically patch it (which seems dangerous given Magento’s history with problematic patches).
  • Ideally, review the patch, test it on a staging environment, and then push it live.
5
Q

Does Magento offer security alerting?

A

Magento offers free security auditing services (Magento Security Center).

6
Q

Can Magento back up your site?

A

Magento can back up your website, but this will render it unavailable for a period of time.

7
Q

What are three major security features in native Magento 2 Enterprise Edition, and are the same features available in Magento 2 Community Edition?

A
  • Strong data encryption (available in CE)
  • Updateable database keys (available in CE)
  • Standard security based on OWASP Top 10: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
8
Q

What is the data encryption / hashing key management method used in Magento 2 Enterprise Edition? Is the same method used in Magento 2 Community Edition?

A

Magento uses an encryption key to protect passwords and other sensitive data. An industry-standard Advanced Encryption Standard (AES-256) algorithm is used to encrypt all data that requires decryption. This includes credit card data and integration (payment and shipping module) passwords. In addition, a strong Secure Hash Algorithm (SHA-256) is used to hash all data that does not require decryption.
