General Flashcards

1
Q

F5 ASM

  • define it
  • provide function
A

Definition:
Application Security Manager is a flexible web application firewall

Function:
Secures web apps in traditional, virtual and private cloud environments.
Helps secure apps against unknown vulnerabilities, DNS poisoning and DDoS attacks.

Summary - filters and monitors by using policies to determine which traffic is malicious and which is safe

2
Q

Pipeline (Azure)

  • define it
  • provide function
A

Definition:
Azure Pipelines is a fully featured continuous integration (CI) and continuous delivery (CD) service.

Function:
It works with your preferred Git provider and can deploy to most major cloud services, which include Azure services.

3
Q

McAfee MVISION

  • define it
  • provide function
A

Definition:
McAfee MVISION Cloud (formerly Skyhigh Networks) protects data where it lives today, with a solution that was built natively in the cloud, for the cloud. It’s cloud-native data security.

Function:
Protects data and stops threats across devices, networks, clouds (IaaS, PaaS, and SaaS), and on-premises environments.

4
Q

CASB

  • define it
  • provide function
A

Definition:
A cloud access security broker (CASB) is a software tool or service that sits between an organization’s on-premises infrastructure and a cloud provider’s infrastructure.

Function:
A CASB acts as a gatekeeper, allowing the organization to extend the reach of their security policies beyond their own infrastructure.

Summary - tool that acts as gatekeeper between cloud and on-prem

5
Q

Logging

  • define it
  • provide function
A

Definition:
In computing, a log file is a file that records either events that occur as an operating system or other software runs, or messages between different users of communication software.

Function:
Logging is the act of keeping a log.

6
Q

Hardened images

A

Hardened images are virtual machine images that have been hardened, or configured, to be more resilient to cyber attacks. These images are available in the Azure Marketplace and can be used by Azure customers to create new, securely configured virtual machines.

7
Q

ISO27001

  • define it
  • provide function
A

Definition:
ISO27001 is a specification for an information security management system (ISMS)

Function:
As the leading international standard and certification for information security, ISO 27001 covers 75-80% of GDPR. This makes it the ideal choice of a framework to support GDPR compliance. The connection between GDPR and ISO 27001 is around personal data

8
Q

RTO & RPO

- define

A

RTO is concerned with applications and systems. The measurement includes data recovery but primarily describes time limitations on application downtime. RPO is concerned with the amount of data that is lost following a failure event.

9
Q

F5 Load Balancer

  • define it
  • provide function
A

Definition:
A load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers.

Function:
Load balancers are used to increase capacity (concurrent users) and reliability of applications.

10
Q

IP

  • define it
  • provide function
A

Definition:
Part of a longer abbreviation, TCP/IP, which stands for Transmission Control Protocol/Internet Protocol. IP stands for ‘Internet Protocol’.

Function:
An Internet Protocol address (IP address) is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. An IP address serves two main functions: host or network interface identification and location addressing.

11
Q

Azure Activity Log

A

Definition:
The Azure Activity Log is a subscription log.

Function:
Provides insight into subscription-level events that have occurred in Azure. This includes a range of data, from Azure Resource Manager operational data to updates on Service Health events

12
Q

DC

A

Definition:
A domain controller (DC) is a server that responds to security authentication requests within a Windows Server domain.

Function:
It is a server on a Microsoft Windows or Windows NT network that is responsible for allowing host access to Windows domain resources

Summary - authentication server within Windows Server domain

13
Q

DNS

A

Definition:
The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses.

Function:
DNS translates domain names to IP addresses so browsers can load Internet resources.

14
Q

VIP

A

Definition:
A virtual IP address (VIP or VIPA) is an IP address that doesn’t correspond to an actual physical network interface.

Functions:
Uses for VIPs include network address translation (especially, one-to-many NAT), fault-tolerance, and mobility.

15
Q

WAF

A

Definition:
Azure Web Application Firewall is a cloud-native service.

Function:
Protects your web applications from bot attacks and common web vulnerabilities such as SQL injection and cross-site scripting. … This setting ensures that the Azure DDoS Protection service also protects the application gateway virtual IP (VIP).

16
Q

Logstash

A

Definition:
Logstash is a free and open server-side data processing pipeline

Function:
Ingests data from a multitude of sources, transforms it, and then sends it to your favorite “stash.”

17
Q

Elasticsearch vs Logstash vs Kibana (ELK Stack)

A

Elasticsearch is a search and analytics engine.

Logstash is a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a “stash” like Elasticsearch.

Kibana lets users visualize data with charts and graphs in Elasticsearch.

18
Q

Azure Event Hubs

A

Definition:
Azure Event Hubs is a big data streaming platform and event ingestion service.

Function:
It can receive and process millions of events per second. Data sent to an event hub can be transformed and stored by using any real-time analytics provider or batching/storage adapters.

Summary - used to process and then send data to multiple locations for storage or analysis

19
Q

SaaS

A

Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring and office tools (such as Microsoft Office 365).

20
Q

PaaS

A

Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources you need from a cloud service provider on a pay-as-you-go basis and access them over a secure Internet connection.

21
Q

IaaS

A

Infrastructure as a service (IaaS) is an instant computing infrastructure, provisioned and managed over the internet.

22
Q

IaC

A

Infrastructure as a service (IaaS) is an instant computing infrastructure, provisioned and managed over the internet. It’s one of the four types of cloud services, along with software as a service (SaaS), platform as a service (PaaS), and serverless.

23
Q

Azure DevOps

A

Azure DevOps is a Software as a service (SaaS) platform from Microsoft that provides an end-to-end DevOps toolchain for developing and deploying software. It also integrates with most leading tools on the market and is a great option for orchestrating a DevOps toolchain.

Summary - SaaS for developing and deploying software

24
Q

Azure Tenant vs Subscription

A
Subscription = billing
Tenant = might be one or more per sub. Is the org that owns and manages a specific instance of MS cloud services
25
Q

What is RBAC?

A

Role-based access control (RBAC) is a method of restricting network access based on the roles of individual users within an enterprise. RBAC lets employees have access rights only to the information they need to do their jobs and prevents them from accessing information that doesn’t pertain to them.

Summary - adds layer on top of network access on a per user basis

26
Q

What is AKS?

A

Azure Kubernetes Service (AKS) is a managed container orchestration service, based on the open source Kubernetes system, which is available on the Microsoft Azure public cloud. An organization can use AKS to deploy, scale and manage Docker containers and container-based applications across a cluster of container hosts

AKS - used to deploy and manage Docker containers

27
Q

What is telemetry?

A

Telemetry is the collection of measurements or other data at remote points and their automatic transmission to receiving equipment for monitoring. The word is derived from the Greek roots tele, “remote”, and metron, “measure”

Summary - collection of data and then transmission to monitoring services

28
Q

What is an OU in AD?

A

An organizational unit (OU) is a subdivision within an Active Directory into which you can place users, groups, computers, and other organizational units. You can create organizational units to mirror your organization’s functional or business structure.

29
Q

What is NTP?

A

NTP stands for Network Time Protocol, and it is an Internet protocol used to synchronize the clocks of computers to some time reference.

30
Q

What is a DMZ?

A

In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network or screened subnet) is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet.

31
Q

What is SCIM?

A

System for Cross-domain Identity Management is a standard for automating the exchange of user identity information between identity domains, or IT systems.

32
Q

What is a NIC?

A

Network Interface Control

A NIC allows both wired and wireless communications, be it local (LAN) or over the internet (IP).

33
Q

What is DNS Forwarding?

A

The DNS forwarder(s) tell the DNS service where to send queries if it doesn’t “know” the answer

34
Q

PIM

A

Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services like Office 365 or Microsoft Intune.

35
Q

Shift left Security

A

In the parlance of DevOps and security, a shift left simply means that security is built into the process and designed into the application at an earlier stage of the development cycle.

36
Q

Managed identity vs service principal

A

So a managed identity (MSI) is basically a service principal without the hassle. When you set up a functions app, you can turn on the option for an MSI. … This managed identity is linked to your functions app, and can be used to authenticate to other Azure resources, just like a normal service principal.

37
Q

Self-signed cert

A

In cryptography and computer security, a self-signed certificate is a certificate that is not signed by a certificate authority (CA). These certificates are easy to make and do not cost money. However, they do not provide all of the security properties that certificates signed by a CA aim to provide.

38
Q

Man-in-the-middle attack

A

Is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems. A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.

39
Q

Problem with using self signed cert

A

Man-in-the-middle attack

Drives away potential clients for fear that website does not secure creds

40
Q

LDAP

A

LDAP stands for Lightweight Directory Access Protocol. As the name suggests, it is a lightweight client-server protocol for accessing directory services, specifically X.500-based directory services. LDAP runs over TCP/IP or other connection-oriented transfer services.

41
Q

Azure Locks

A

Resource Manager Locks provide a way for administrators to lock down Azure resources to prevent deletion or changing of a resource. These locks sit outside of the Role Based Access Controls (RBAC) hierarchy and when applied will place the restriction on the resource for all users.

42
Q

Service principal

A

An Azure service principal is a security identity used by user-created apps, services, and automation tools to access specific Azure resources. Think of it as a ‘user identity’ (login and password or certificate) with a specific role, and tightly controlled permissions to access your resources.

43
Q

SSL

A

Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook)
Largely deprecated

44
Q

TLS

A

Transport Layer Security is a cryptographic protocol that provides end-to-end security of data sent between applications over the Internet.
Padlock when secure session is established

45
Q

SSL vs TLS

A

SSL and TLS are cryptographic protocols that authenticate data transfer between servers, systems, applications and users.
TLS is the newer version. Technical differences are… technical (handshake process, alert messages, cipher suites, record protocol, message auth)

46
Q

Azure Postgres

A

Azure Database for PostgreSQL is a relational database service based on the open-source Postgres database engine. It’s a fully managed database-as-a-service offering that can handle mission-critical workloads with predictable performance, security, high availability, and dynamic scalability.

47
Q

Azure Conditional Access

A

The modern security perimeter now extends beyond an organization’s network to include user and device identity. Organizations can utilize these identity signals as part of their access control decisions.

Conditional Access is the tool used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies. Conditional Access is at the heart of the new identity driven control plane.

48
Q

Checksum

A

A checksum is a small-sized datum derived from a block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage.

49
Q

SPI (Security)

A

The Security Parameter Index (SPI) is an identifier used to uniquely identify both manually and dynamically established IPSec Security Associations.

50
Q

Azure Automation

A

Azure Automation is a new service in Azure that allows you to automate your Azure management tasks and to orchestrate actions across external systems from right within Azure.
In Automation they are a container for all your runbooks, runbook executions (jobs), and the assets that your runbooks depend on

51
Q

Azure Private Links

A

Azure Private Link provides private connectivity from a virtual network to Azure platform as a service (PaaS), customer-owned, or Microsoft partner services. It simplifies the network architecture and secures the connection between endpoints in Azure by eliminating data exposure to the public internet.

52
Q

statsD

A

Monitoring/Logging tool

A set of tools that can be used to send, collect, and aggregate custom metrics from any application.

53
Q

What’s the difference between bandwidth and internet speed?

A

Internet speed is how fast your internet connection is. It can vary from moment to moment, depending on network traffic and other factors. Bandwidth is the maximum speed your internet connection is capable of. This doesn’t change unless you change your internet plan.

54
Q

What’s a good latency for internet?

A

Browsing <100ms

Gaming <50ms

55
Q

Mock API

A

A mock API server imitates a real API server by providing realistic responses to requests

56
Q

Pen testing

A

Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually.

57
Q

Blue-Green deployments

A

Blue-Green deployment is a software rollout method that can reduce the impact of interruptions caused by issues in the new version being deployed

58
Q

NTE

A

Network Termination Equipment - device connecting customer to carrier line.