S2-m1 Flashcards

1
Q

The supporting IT architecture within most modern companies has…

A

multiple, interconnected technological components, with the core infrastructure involving a combination of:
-on-premises and outsourced hardware
-software
-specialized personnel

2
Q

Who supports the infrastructure?

A

some orgs manage this infrastructure themselves, but many are relying on third party providers to support their IT operations

3
Q

SOC 2 Engagements

A

Examinations in which a third party evaluates and reports on a service organization's system controls as they relate to the AICPA five trust services criteria

4
Q

AICPA Five Trust Services Criteria

A
  1. Security
  2. Availability
  3. Processing integrity
  4. Confidentiality
  5. Privacy
5
Q

EUDs

A

End user devices are electronic machines, typically computers or mini computers, that directly interact with employees or consumers at the edge of a network, meaning they are the point in a chain of applications or an organization's IT architecture that interfaces with a human. Desktops, laptops…

6
Q

Network Infrastructure

A

refers to the hardware, software, layout, and topology of network resources that enable connectivity and communication between devices on a computer network

7
Q

Modem

A

Connects a network to an internet service provider's network, usually through a cable connection. It is the device that brings internet into a home or office. Each modem has a public IP address

8
Q

Routers

A

Manage network traffic by connecting devices to form a network. They read the source and destination fields in information packet headers to determine the most efficient path through the network for the packet to travel.

9
Q

Switches

A

Similar to routers in that they connect and divide devices within a computer network. However, switches do not perform as many advanced functions as a router, like assigning IP addresses. Connects devices by splitting signal

10
Q

Gateways

A

Converts protocols. A computer or device that acts as an intermediary between different networks. It transforms data from one protocol into another so that information can flow between networks

11
Q

Edge Enabled Devices

A

Devices that allow computing, storage, and networking functions closer to the devices where the data or system requests originate, rather than at a distant central location

12
Q

Servers

A

Physical or virtual machines that coordinate the computers, programs, and data that are part of the network. Most business networks use a client/server model in which the client sends a request to the server and it provides a response or executes some action

13
Q

Firewalls

A

Software applications or hardware devices that protect a person's or company's network traffic by filtering it through security protocols with predefined rules. Intended to prevent unauthorized access into the organization and to prevent employees from downloading malicious programs

14
Q

Basic Packet Filtering

Firewall

A

Work by analyzing network traffic that is transmitted in packets (the data communicated) and determining whether the firewall software is configured to accept the data

15
Q

Circuit level Gateways

Firewall

A

Verify the source of a packet and that it meets the rules and policies set by the security team

16
Q

Application level Gateways

Firewall

A

Gateways inspect the packet itself. Very resource intensive

17
Q

Network topology

A

refers to the physical layout of equipment, or nodes in a network, which is essential for understanding how to properly engineer the network for optimal performance

18
Q

What are the different requirements for components?

Topology

A

Length and type of connecting cables, data transmission rates, and physical position of each node in the network. These are based on the size of the network, the performance needs of the organization, and the environment in which the network is built.

19
Q

Bus Topology

A

This layout is either in a linear or tree form, with each node connected to a single line or cable. Data can be transmitted by any node on the system at the same time, which can cause signal interference.

20
Q

Mesh Topology

A

There are numerous connections between nodes, with all nodes being connected in a full mesh topology and only some connected in a partial mesh topology. Common in wireless networks; allows for high levels of traffic but is costly

21
Q

Ring Topology

A

Nodes are connected in a circular path in ring topologies. When data is transferred to a destination device, it must first go through every other device between the source and destination. There are unidirectional ring paths that allow data transmission to move in one direction, and there are multidirectional paths that allow two-way data transmission. Data transmission collision is minimized or eliminated, but this can result in slow network performance

22
Q

Star Topology

A

Data passes through a central hub that acts as a switch or server, and then transmits to peripheral devices that act as clients. With multiple hubs, if one fails, only the nodes connected to that hub will stop functioning. Easier to identify damaged cables.

23
Q

How do devices in a network communicate with other devices?

A

Protocols; the type of protocol governs the way data is transmitted based on the method used, such as cable, port, or wireless

24
Q

Open System Interconnection Model

A

Helps explain how these protocols work and how networking devices communicate with each other

25
Q

Application Layer 7

OSI

A

Serves as the interface between the applications a person uses and the network protocol needed to transmit a message. Does not represent the actual application being used. Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP)

26
Q

Presentation Layer 6

OSI

A

Transforms data received from the Application layer into a format that other devices using the OSI model can interpret, such as standard formats for videos, images, and web pages. Encryption occurs at this layer. American Standard Code for Information Interchange (ASCII), JPEG, MPEG

27
Q

Session Layer 5

OSI

A

Allows sessions between communicating devices to be established and maintained. Sessions allow networking devices to have a dialogue with each other. Remote Procedure Call (RPC), Structured Query Language (SQL)

28
Q

Transport Layer 4

OSI

A

Supports and controls the communication connections between devices. This involves setting the rules for how devices are referenced, the amount of data that can be transmitted, validating the data's integrity, and determining whether data has been lost. Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Secure Sockets Layer (SSL)

29
Q

Network Layer 3

OSI

A

Adds routing and address headers or footers to data, such as source and destination IP addresses, so that the message reaches the correct devices. This layer also detects errors. Internet Protocol (IP), NAT, IPSec, IGMP

30
Q

Data Link Layer 2

OSI

A

Data packets are formatted for transmission. This is determined by the hardware and networking technology, which is usually Ethernet. This layer also adds Media Access Control (MAC) addresses, which are device identifiers that act as source and destination reference numbers. ISDN, PPTP, L2TP

31
Q

Physical Layer 1

OSI

A

Converts the message sent from the Data Link layer into bits so it can be transmitted to other physical devices. Also receives messages from other physical devices and converts those back from bits to a format that can be interpreted by the Data Link layer. HSSI, SONET

32
Q

What does network infrastructure architecture refer to?

A

Refers to the way an organization structures its network from a holistic design standpoint, considering factors such as:
-geographical layout
-physical and logical layout
-network protocols used

33
Q

Local Area Networks (LAN)

A

Provide network access to a limited geographic area such as a home or single location office

34
Q

Wide Area Networks (WAN)

A

Provides access to a larger geographic area such as cities, regions, or countries. Largest example is the internet

35
Q

Software-defined Wide Area Networks (SD-WAN)

A

Monitors the performance of WAN connections and manages traffic to optimize connectivity. In WAN, the control and management of the network is integrated into the hardware.

36
Q

Virtual Private Networks (VPN)

A

These are virtual connections through a secure channel or tunnel that provide remote and secure access to an existing network. Commonly referred to as remote desktop connections

37
Q

What is software?

A

consists of the applications, procedures, or programs that provide instructions for a computer to execute

38
Q

Operating Systems

A

Software that orchestrates the global functioning of a group of applications, hardware, and their performance by acting as an intermediary between these resources to allow a user to execute specific tasks. An OS defines the parameters for managing a system's memory, processes, records, devices, and user interface.

39
Q

Firmware

A

Software that is locally embedded in hardware and instructs the hardware how to operate is commonly known as firmware. Firmware operates like software but exists locally on the machine, directing the function of the physical components, such as the motherboard and microprocessor. It is not updated frequently, or at all

40
Q

What is Cloud Computing?

A

A computing model that uses shared resources over the internet. Cloud customers rent storage space, processing power, proprietary software, or a combination of the three on remote servers from another company.

41
Q

What is infrastructure elasticity?

Cloud Computing

A

Renting only as much as needed on a minute-to-minute basis

42
Q

Infrastructure as a Service (IaaS)

A

The CSP provides an entire virtual data center of resources in an IaaS model, and organizations can outsource servers, storage, hardware, networking services, and networking components to third party providers, which is generally billed on a per-use basis. The company is responsible for keeping the environment in which it operates consistently up and running, virtually managing the performance.

CSP is responsible for the physical management of that infrastructure

43
Q

What is a CSP?

A

A cloud service provider is a third party that provides cloud computing services such as application delivery, hosting, or monitoring to customers. The CSP performs all maintenance and tech support on the hardware

44
Q

Platform as a Service (PaaS)

A

The CSP provides proprietary tools or solutions remotely that are used to fulfill a specific business purpose. Tools facilitate the creation of programs and delivery of services, such as building an online platform to sell merchandise, advertise products, or build other websites, all of which run on the CSP's hosted infrastructure

45
Q

Software as a Service (SaaS)

A

The CSP provides a business application or software that organizations use to perform specific functions or processes. The service is generally purchased through licensing

46
Q

What are the 4 types of cloud computing deployment models?

A

Public
Private
Hybrid
Community

47
Q

Public

Cloud Computing Deployment Model

A

Is owned and managed by a CSP that makes the cloud services available to people or organizations who want to use or purchase them.

48
Q

Private

Cloud Computing Deployment Model

A

The cloud is created for a single organization and is managed by the organization or a CSP. The cloud infrastructure can exist on or off the organization's premises.

49
Q

Hybrid

Cloud Computing Deployment Model

A

The cloud in a hybrid model is composed of two or more clouds, with at least one being a private cloud, that remain unique cloud entities but with technology in place that facilitates the portability of data and applications between each entity

50
Q

Community

Cloud Computing Deployment Model

A

An infrastructure shared by multiple organizations to support a common interest, such as companies banding together for regulatory compliance, a common mission, or collaboration with industry peers.

51
Q

Do CSPs end up in a SOC 2 report?

A

Yes, if the CSP is considered critical for the service organization in question to comply with certain rules.

52
Q

Cloud Controls Matrix

A

A framework designed for best practices regarding cloud security, data protection, and compliance in a cloud environment

53
Q

COSO Enterprise Risk Management - Integrating With Strategy and Performance

A

A framework that categorizes methods for addressing an organization's risk into five components with 20 supporting principles

54
Q

COSO components

A

Governance and Culture
Strategy and Objective Setting
Performance
Review and Revision
Information, Communication, and Reporting

55
Q

Governance and Culture

COSO Component

A

Sets the company’s tone and reinforces the importance of having oversight of enterprise risk management. Culture is related to the company’s target behaviors and values and involves understanding risk.
1. board risk oversight
2. Establishes operating structures
3. defines culture desired
4. Demonstrates commitment to core values
5. Attracts, develops, retains capable individuals

56
Q

Strategy and Objective Setting

COSO Component

A

Considered with enterprise risk management and strategy during the strategic planning process. A company’s risk appetite should be aligned with its strategy, and business objectives should be put into place to help achieve that level of appetite through identifying risk, assessing, and responding.
6. Analyzes business context
7. Defines risk appetite
8. Evaluates alternative strategies
9. Formulates business objectives

57
Q

Performance

COSO Component

A

Requires that organizations prioritize their risk based on risk appetite so that business objectives are assessed, met, and reported to key stakeholders.
10. Identifies risk
11. Assesses severity of risk
12. Prioritizes risks
13. Implements risk responses
14. Develops portfolio view

58
Q

Review and Revision

COSO Component

A

Involves reviewing a company’s performance over time and making revisions to functions when needed.
15. Assesses substantial change
16. Reviews risks and performance
17. Pursues improvements in enterprise risk management

59
Q

Information, Communication, and Reporting

COSO Component

A

Recommends that a continual process be in place that supports sharing both internal and external information throughout the organization.
18. Leverages information and technology
19. Communicates risk information
20. Reports risk, culture, and performance

60
Q

Internal Environment

COSO Framework Component

A

Serves as the foundation for a company's risk appetite, helping a company understand the level at which it wants to outsource technology functions

Applicability to an Organization's Considerations of Cloud Computing

61
Q

Objective Setting

COSO Framework Component

A

Management should understand how outsourcing technology functions will help it reach, or potentially exceed, its objectives

Applicability to an Organization's Considerations of Cloud Computing

62
Q

Event Identification

COSO Framework Component

A

Management must understand how adopting a CSP could make event identification more complex or easier

Applicability to an Organization's Considerations of Cloud Computing

63
Q

Risk Assessment

COSO Framework Component

A

Management should understand the risks of its cloud strategy, including the impact on its risk profile, inherent and residual risks, and the likelihood and impact of all risks.

Applicability to an Organization's Considerations of Cloud Computing

64
Q

Risk Response

COSO Framework Component

A

Management should determine whether its risk response will be to avoid a risk, reduce its likelihood, share the risk by transferring a portion of it to another entity, or accept the risk.

Applicability to an Organization's Considerations of Cloud Computing

65
Q

Control Activities

COSO Framework Component

A

The organization should understand how traditional controls, such as detective, preventative, automated, and manual controls, as well as entity-level controls, are modified in a cloud environment

Applicability to an Organization's Considerations of Cloud Computing

66
Q

Information and communication

COSO Framework Component

A

Management should understand how operating in the cloud will affect the timeliness, availability, and dissemination of information and communication

Applicability to an Organization's Considerations of Cloud Computing

67
Q

Monitoring

COSO Framework Component

A

Management should modify its monitoring mechanisms to accommodate new complexities introduced by adopting a cloud solution.

Applicability to an Organization's Considerations of Cloud Computing

68
Q

Cloud Risks

A
  1. The rate of competitor adoption
  2. Being in the same risk ecosystem
  3. Transparency
  4. Reliability and performance
  5. Lack of application portability
  6. Security and compliance
  7. Cyber attacks
  8. Data leakage
  9. IT organizational change
  10. CSP long-term viability
69
Q

What are some benefits of using a CSP?

A

Flexible pricing, reduction of on-site hardware, and processing data more efficiently by accessing advanced computing power. CSPs also make organizations more resilient by enhancing their disaster recovery capabilities and making them more immune to system failures.

70
Q

Business processes-as-a-service (BPaaS)

A

The provider delivers business process outsourcing services to a user, such as managing the revenue cycle for a company.

71
Q

What risks should a company consider when evaluating a CSP?

A

-the rate at which other companies are adopting the cloud
-being in the same cloud as other tenants
-reliability of the provider
-security and compliance
-data leakage
-long-term viability of the CSP