Section 16.154 Infrastructure Considerations Flashcards

Objective 3.2 Given a scenario, you must be able to apply security principles to secure enterprise architecture.

Objective 4.5 Given a scenario, you must be able to modify enterprise capabilities to enhance security.

1
Q

Device Placement

A

Proper placement of routers, switches, and access points is crucial

Correct placement:
● Ensures optimal data flow
● Minimizes latency
● Enhances security

■ Routers at the network’s edge help filter traffic efficiently

■ Strategic placement of access points ensures coverage and reduces interference

■ Switches should be located for easy connection to network segments

2
Q

Security Zones and Screened Subnets

Security Zones

A

Isolate devices with similar security requirements

3
Q

Security Zones and Screened Subnets

Screened Subnets

A

● Act as buffer zones between internal and external networks

● Host public-facing services, protecting core internal networks

● Use the term “screened subnet” instead of “DMZ” for modern configurations

4
Q

Attack Surface

A

Refers to points where unauthorized access or data extraction can occur. It's the sum of all the potential vulnerabilities and risk points inside a system, network, or application.

■ A larger attack surface increases the risk of vulnerabilities

■ Identify and mitigate vulnerabilities to reduce the attack surface

■ Regularly assess and minimize the attack surface for network security

5
Q

Connectivity Methods

A

■ The connectivity methods you choose influence network performance, reliability, and security

■ Wired (e.g., Ethernet) offers stability and speed but restricts mobility

■ Wireless (e.g., Wi-Fi) provides flexibility but may suffer from interference and security issues

■ Consider factors like scalability, speed, security, and budget constraints when choosing connectivity methods

6
Q

Device Attributes

A

■ Consider whether devices are active or passive, and if they are inline or tapped

■ Active devices (e.g., intrusion prevention systems): monitor and act on network traffic

■ Passive devices (e.g., intrusion detection systems): observe and report without altering traffic

■ Inline devices are in the path of network traffic

■ Taps and monitors capture data without disruption

■ Align device choices with network goals and challenges

7
Q

Failure Mode

A

■ Choose between “fail-open” and “fail-closed” modes to handle device failures

■ Fail-open: Allows traffic to pass during a failure, maintaining connectivity but reducing security

■ Fail-closed: Blocks all traffic during a failure, prioritising security over connectivity

■ The choice depends on the organization’s security policy and the criticality of the network segment
