Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Security+ 601 > Sec+ Chapter 09: Resilience and Physical Security > Flashcards

Sec+ Chapter 09: Resilience and Physical Security Flashcards

1
Q

Redundancy

A

Having more than one of a system, service, device, or other component to maintain uptime

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Geographic dispersal of systems

A

Ensures a single disaster, attack, or failure can’t disable or destroy systems

Also protects against power grid failures, network connectivity, etc

EX: Common rule of thumb for datacenters is to place them 90 miles apart, preventing most common natural disasters from disabling them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Separation of servers

A

Used to avoid a single server rack being a point of failure. Systems may be placed in two or more racks in case a single point of failure of a PDU (power distribution unit) or even something simple as a leak that drips into the rack.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Multipath

A

Use of multiple network paths to ensure a severed cable or failed device doesn’t cause a loss of connectivity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Redundant network devices

A

Multiple routers, firewalls, and IPSs to prevent a single point of failure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Load balancers

A

Balances the load between multiple servers

Someone access the load balancer, which then decides what server is able to provide the particular requested service

Balancer is always checking in with active servers, and if one doesn’t respond the balancer will disable connections to that server and enable a standby server instead

Commonly used to allow system upgrades by redirecting traffic away while it’s being upgraded and returning it after it’s patched or upgraded

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

NIC Teaming

A

AKA: LBFO (load balancing / fail over)

Plug in and use multiple connections to a server, but instead of a primary and standby, you can use both simultaneously and aggregate bandwidth between both

Provides increased throughput and a way to have redundant paths in case one of the connections fails

On the server, configured by installing multiple NICs which look as one interface on server OS

Also configure the switch side to interpret traffic to any connections as something NIC teamed in the server

Provides redundancy as well in case of any connectivity issues

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

UPS

A

Uninterruptible power supply

An actual piece of hardware that provides battery-powered backup power options for short periods of time

Three types:

1) Offline / standby UPS: simplest, least expensive and not normally enabled unless power is lost

2) Line-interactive UPS: If the voltage is slowly diminishing on the line, this slowly ramps up backup power

3) Online / double-conversion UPS: most complex and expensive, always online and providing power

Gas generators are used for longer outages but may take a few minutes to get up to speed, so use battery UPS and generator to ensure no downtime

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Managed PDU

A

Managed power distribution unit

Provides intelligent power management and remote control of power delivered inside server racks and other environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Diversity of technologies

A

Using different vendors, cryptographic solutions, platforms, and controls can make it more difficult for a single attack or failure to have major impact.

Major cost to this, like additional training, issues when integrating disparate systems, and potential for human error as complexity increases.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

RAID

A

Redundant array of inexpensive disks

A common solution that uses multiple disks with data either striped (spread across disks) or mirrored (copied), and technology to ensure data isn’t corrupted or lost (parity)

Ensures one or more disk failures can be handled by an array without losing data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

RAID 0

A

Striping without parity

Data is spread across all drives in the array

Better I/O (input/output) performance (speed), all capacity used

No fault tolerance, all data lost if a drive is lost

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

RAID 1

A

Mirroring

All data is copied exactly to another drive or drives

High read speeds from multiple drives, data available if a drive fails

Uses twice the storage for the same amount of data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

RAID 5

A

Striping with parity

Data is striped across drives, with one drive used for parity (checksum) of the data. Parity is spread across drives as well as data

Data reads are fast, data writes slightly slower. Drive failures can be rebuilt as long as only one drive fails.

Can only tolerate a single drive failure at a time. Rebuilding arrays after a drive loss can be slow and impact performance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

RAID 6

A

Striping with double parity

Like RAID 5 but additional parity is stored on another drive

Like RAID 5 but allows for more than one drive to fail at a time

Slower write performance than RAID 5 as the additional parity data is managed. Rebuilding arrays after a drive loss can be slow and impact performance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

RAID 10

A

Mirroring and striping

Sometimes written RAID 1+0

Data is striped across two or more drives and then mirrored to the same number of drives

Combines the advantages and disadvantages of both RAID 0 and 1

Combines the advantages and disadvantages of RAID 0 and 1.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Full backup

A

Copies an entire device or storage system

Slow backup process, but faster to recover

Archive attributes cleared after backup

18
Q

Incremental backup

A

Captures the changes since the last full backup first, and then the changes since the last incremental backup

Faster to back up, but slow to recover

Archive attributes cleared after backup

19
Q

Differential backup

A

Captures the changes since the last full backup

Moderate to recover, moderate to back up

Archive attributes not cleared after backup

20
Q

Snapshot

A

Captures the full state of a system of device at the time the backup is completed

These are common on VMs

Useful to clone systems, go back in time to a point before a patch or upgrade was installed, or restore a system state before an event occurred

21
Q

Images

A

A complete copy of a system or server, typically down to the bit level for the drive

A restored image is a complete match to the system at the moment it was imaged

A backup method of choice for servers where complex configurations may be in use and where cloning or restoration in a short timeframe may be desired

22
Q

Forensic images

A

Captures a bitwise copy of an entire storage device, although they have stronger requirements around data validation and proof of secure handling

23
Q

Tape

A

A kind of backup media

Historically one of the lowest cost per capacity options for large scale backups

Magnetic tape remains in use in large ENTs, often in the form of tape robot systems that can load and store large numbers of tapes using a few drives and several cartridge storage slots

24
Q

Disks

A

A kind of backup media that’s in either magnetic or SSD form

Typically more expensive for the same backup capacity as tape, but faster

Often used in large arrays in either a network attached storage (NAS) or storage area network (SAN)

25
Q

Optical media

A

A kind of backup media like blu ray and DVDs, and specialized optical storage systems

Remains in use in some circumstances, but for capacity issues has been deprecated as a large scale backup tool

26
Q

Flash media

A

A kind of backup media like SD cards and USB drives

Used in many places for short term copies or even long term backups

They aren’t frequently used at ENT scale

27
Q

Nearline backup

A

Backup storage that’s not immediately available but can be retrieved within a reasonable period of time, usually without a human involved

28
Q

Considerations for off site and third party backup

A

1) Bandwidth requirements for both the backups themselves and restoration time if the back needs to be restored partially or fully

2) Time to retrieve files and cost to retrieve files

3) Reliability

4) New security models required for backups

29
Q

SAN

A

Storage area networks

High performance storage with builtin redundancy we can access over a high speed network

Can also duplicate data across SANs, or from one datacenter to another

Best broken down two ways:

1) A means of replicating data, where SANs use RAID to ensure that data isn’t lost. Some orgs will even run a backup SAN with all of the org’s data replicated to it in another location

2) A type of backup itself. Here, it’s seen as a network attached array of disks

Configured to look and feel like a separate storage drive on your system

Block level access, so if you need to change a portion of a large file you only need to change that portion instead of rewriting the entire file to the SAN

30
Q

Response controls

A

Controls that allow orgs to respond to an issue, whether it’s an outage, compromise, or disaster

31
Q

Recovery controls

A

Techniques that focus on returning to normal operations

32
Q

Nonpersistence

A

The ability to have some systems or services that are spun up and shut down as needed

33
Q

Vertical scalability

A

Requires a larger or more powerful system or device.

Can help when all tasks or functions need to be handled on the same system or infrastructure.

Very expensive to increase, particularly if the event that drives the need to scale isn’t ongoing or frequent.

Required at times, like with large memory footprint apps that can’t be run on smaller, less capable systems

34
Q

Horizontal scaling

A

Uses smaller systems or devices, but adds more of them.

When designed and managed correctly, a horizontally scaled system can take advantage of the ability to transparently add and remove more resources, allowing it to adjust as needs grow or shrink.

Provides oppty for transparent upgrades, patching, and incident response.

35
Q

Hot sites

A

An exact replica of what we’re running in our production environment

Duplicate hardware, servers, infrastructure, equipment, etc

Whenever we purchase for our production network, we purchase it for our disaster recovery network

Hot site and HQ need to be fully synchronized at all times with things like real time data transfers or periodic updates

Sometimes, orgs choose to operate them full time, splitting traffic and load between multiple sites to ensure they perform properly

Also ensures staff are in place in case of an emergency

36
Q

Warm sites

A

Have some or all of the systems needed to perform the work required by the org, but the live data and configurations are not in place

Expensive to maintain because of the hardware costs, but they can reduce the total time to restoration because systems can be ready to go and mostly configured

Balances cost and capabilities between hot and cold sites

37
Q

Cold sites

A

Have space, power, and network connectivity but aren’t prepared with systems or data

You must bring all that as well as personnel with you

In a disaster, an org knows they would have a place to go but would have to bring or acquire systems

Challenging because some disasters will prevent the acquisition of hardware, and data will have to be transported from another facility where it’s stored in case of disaster

Least expensive option to maintain

38
Q

Restoration order

A

Balances the criticality of systems and services to the operation of the organization against the need for other infrastructure to be in place and operational to allow each component to be online, secure, and running properly

39
Q

USB data blocker

A

A device used to ensure that USB cables can only be used to transfer power, not data, when chargers and other devices can’t be trusted. An alternative is a USB power-only cable.

40
Q

NAS

A

Network attached storage

Provides access to a large storage array connected over the network

File level access, which means if you need to change any portion of a file on NAS, you have to rewrite the entire file on the device

41
Q

Fire suppression types

A

Sprinklers

1) Wet sprinkler: Has water in it all the time

2) Dry sprinkler: Empty until needed

3) Pre-action: Detects heat or smoke, then fills with water

4) Deluge sprinkler: Empty with open sprinkler heads, but cover an entire area when activated

Chemical

1) Gaseous agents to displace oxygen, reduce heat, or prevent combustion

2) Wet agents like foam

3) Dry chemical agents like normal fire extinguishers

42
Q

PDS

A

Protected distribution system

Protect your cables and fibers, prevent taps, prevent cuts

Security+ 601 (18 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions