Section 2 - Architecture and Design Flashcards

1
Q

Baseline configuration

A

Is a group of settings placed on a system before it is approved for production. Using baselines is a technique that evolved from administration checklists to ensure systems were set up correctly for their intended purpose.
In the case of workstations, it would be an OS image with pre-installed software.

2
Q

Data sovereignty

A

Often refers to the understanding that data stored outside of an organization’s host country are still subject to the laws of the country where the data are stored.

3
Q

Data masking

A

Is the process of modifying sensitive data in such a way that it is of no or little value to unauthorized intruders while still being usable by software or authorized personnel.

4
Q

Data tokenization

A

Is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no intrinsic or exploitable meaning or value. The token is a reference that maps back to the sensitive data through a tokenization system.

5
Q

Hardware security module (HSM)

A

Is a physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.

6
Q

Cloud access security broker (CASB)

A

Is cloud-hosted software, or on-premises software or hardware, that acts as an intermediary between users and cloud service providers. It consolidates and enforces enterprise security policies as cloud-based resources are accessed.

7
Q

System resilience

A

The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.

8
Q

Cold site

A

A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event that the user has to move from their main computing location to an alternate site.

9
Q

Hot site

A

A fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption.

10
Q

Warm site

A

An environmentally conditioned work space that is partially equipped with information systems and telecommunications equipment to support relocated operations in the event of a significant disruption.

11
Q

Infrastructure-as-a-Service (IaaS)

A

Is a form of cloud computing that delivers fundamental compute, network, and storage resources to consumers on-demand, over the internet, and on a pay-as-you-go basis. IaaS enables end users to scale and shrink resources on an as-needed basis, reducing the need for high, up-front capital expenditures or unnecessary “owned” infrastructure, especially in the case of “spiky” workloads. In contrast to PaaS and SaaS (even newer computing models like containers and serverless), IaaS provides the lowest-level control of resources in the cloud.

12
Q

Software as a Service (SaaS)

A

SaaS utilizes the internet to deliver applications, which are managed by a third-party vendor, to its users. A majority of SaaS applications run directly through your web browser, which means they do not require any downloads or installations on the client side.

13
Q

Platform as a Service (PaaS)

A

Provides software developers with an on-demand platform—hardware, complete software stack, infrastructure, and even development tools—for running, developing, and managing applications without the cost, complexity, and inflexibility of maintaining that platform on-premises.

With PaaS, the cloud provider hosts everything—servers, networks, storage, operating system software, middleware, databases—at their data center.

14
Q

Everything as a Service (XaaS)

A

Describes a general category of services related to cloud computing and remote access. It recognizes the vast number of products, tools, and technologies that are now delivered to users as a service over the internet.
Essentially, any IT function can be transformed into a service for enterprise consumption. The service is paid for in a flexible consumption model rather than as an upfront purchase or license.

15
Q

Cloud deployment models

A

Public cloud is cloud computing that’s delivered via the internet and shared across organizations.
Private cloud is cloud computing that is dedicated solely to your organization.
Hybrid cloud is any environment that uses both public and private clouds.

16
Q

Fog computing

A

Places a decentralized enterprise computing layer between the source of data and a central cloud platform. Like edge computing, fog computing also brings the processing power closer to where the data is extracted from. While fog computing enhances efficiency, it can also be leveraged for cybersecurity and regulatory compliance.

17
Q

Edge computing

A

Brings processing and storage systems as close as possible to the application, device, or component that generates and collects data. This helps minimize processing time by removing the need to transfer data to a central processing system and back to the endpoint.

18
Q

Containerization

A

Is a form of virtualization where applications run in isolated user spaces, called containers, while using the same shared operating system (OS).

19
Q

Microservices

A

Are component parts of an application that are designed to run independently. A microservices-based application is a collection of loosely coupled services that are lightweight and independently deployable and scalable.

20
Q

Kubernetes

A

Is a container orchestration tool—an open-source, extensible platform for deploying, scaling, and managing the complete life cycle of containerized applications across a cluster of machines.

21
Q

Infrastructure as code (IaC)

A

Is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.

22
Q

Software-Defined Networking (SDN)

A

Is an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network.

23
Q

Software Defined Visibility (SDV)

A

Is a framework that allows customers, security and network equipment vendors, as well as managed service providers, to control and program Gigamon’s Visibility Fabric via REST-based Application Program Interfaces (APIs). By writing programs that utilize Gigamon’s APIs, critical functions previously requiring manual intervention can be automated to improve responsiveness, enhance analysis and increase protection of key resources and information assets.

24
Q

Serverless architecture

A

Is a software design pattern where we host our applications on a third-party service.

25
Q

Virtualization sprawl (VM sprawl)

A

Is a phenomenon that occurs when the number of virtual machines (VMs) on a network reaches a point where administrators can no longer manage them effectively.

26
Q

VM escape

A

Is the process of a program breaking out of the virtual machine on which it is running and interacting with the host operating system.

27
Q

Provisioning vs Deprovisioning

A

Provisioning is the process of making information technology (IT) systems available to users.
Deprovisioning is the process of removing user access to software and network services.

28
Q

Database normalization

A

Refers to organizing tables and columns in a database to reduce redundant data and improve overall database performance.

29
Q

Stored procedure

A

This is the practice of storing business logic, rules, algorithms and data within a database. These procedures can be run at any time by the database, rather than being triggered when a user tries to access the logic.

30
Q

Code Obfuscation/Camouflage

A

Is the process of making code more difficult to understand. This is typically done by replacing certain words and phrases in the code with numbers. There are several methods for obfuscating code, and most can eventually be reverse engineered, but it does add one more layer of protection.

31
Q

Code Reuse

A

Reusing code can be risky if the code being reused isn’t secure and gets spread throughout the application. It can also be a problem if the reused code doesn’t work well in the new environment, or if the changes aren’t as secure as they would have been had the code been written expressly for the purpose at hand.

32
Q

Dead Code

A

Refers to code that’s non-executable at runtime. Sometimes, it means source code that’s executed but not used in any other computation, making it obsolete. It’s more secure to remove any dead code. If it doesn’t exist, it can’t be exploited.

33
Q

Memory management

A

The most common memory vulnerabilities are unchecked buffer-copy input size, incorrectly calculated buffer size, and uncontrolled format strings.

34
Q

Data exposure

A

Involves unintended exposure of personal and confidential data. This can come from weak or non-existent encryption, coding flaws, or misapplied database uploads.

35
Q

Open Web Application Security Project (OWASP)

A

Is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. The OWASP provides free and open resources. It is led by a non-profit called The OWASP Foundation.

36
Q

Elasticity in devops

A

The purpose of elasticity is to match the resources allocated with the actual amount of resources needed at any given point in time.

37
Q

Scalability in devops

A

Handles the changing needs of an application within the confines of the infrastructure by statically adding or removing resources to meet application demands as needed.

38
Q

Time-based one-time password (TOTP)

A

Is a computer algorithm that generates a one-time password (OTP) that uses the current time as a source of uniqueness. It’s an extension of the HMAC-based one-time password algorithm (HOTP).

39
Q

HMAC-based one-time password (HOTP)

A

Is a one-time password (OTP) algorithm that provides a method of authentication by symmetric generation of human-readable passwords, or values, each used for only one authentication attempt. The one-time property follows directly from the single use of each counter value.
Parties intending to use HOTP must establish some parameters:
A cryptographic hash method H (default is SHA-1)
A secret key K, which is an arbitrary byte string and must remain private
A counter C, which counts the number of iterations
A HOTP value length d (6–10, default is 6, and 6–8 is recommended)
Both parties compute the HOTP value derived from the secret key K and the counter C.

40
Q

HMAC

A

HMAC (sometimes expanded as either keyed-hash message authentication code or hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and authenticity of a message.

41
Q

Types of biometrics

A

DNA
Ear
Eyes - Iris (color patterns)
Eyes - Retina (veins)
Eyes - Scleral vein
Face
Finger geometry
Fingerprint
Gait - way of walking
Hand geometry
Heartbeat
Keystrokes - typing
Odour
Signatures
Vascular - vein picture
Voice

42
Q

Crossover Error Rate (CER)

A

Describes the point where the False Reject Rate (FRR) and False Accept Rate (FAR) are equal. CER is also known as the Equal Error Rate (EER). The Crossover Error Rate describes the overall accuracy of a biometric system.

43
Q

Identification (IAAA)

A

Your name, username, ID number, employee number, SIN etc.

44
Q

Authentication (IAAA)

A

Is the “prove who you are” stage, used to verify the given identification:
Something you know, such as a password or PIN.
Something you have, such as an identification device, smart card or token.
Something you are, such as biometrics, e.g. a fingerprint or facial recognition.
Something you do, such as a mandatory action to complete authentication.
Somewhere you are, such as your geolocation.

45
Q

Authorization (IAAA)

A

Is the process of specifying user access rights and privileges using models such as DAC (Discretionary Access Control), MAC (Mandatory Access Control) and RBAC (Role-Based Access Control).

46
Q

Accountability (IAAA)

A

Is ensuring that the actions performed by a user are traceable, to prove responsibility; this is also referred to as non-repudiation.

47
Q

Geographical dispersal

A

Refers to placing physical distances between duplicate systems so the organization can avoid damages to both the primary and alternate resources from the same disaster.

48
Q

Types of backup

A

Full backup: The most basic and comprehensive backup method, where all data is sent to another location.
Incremental backup: Backs up all files that have changed since the last backup (of any type) occurred.
Differential backup: Backs up copies of all files that have changed since the last full backup.

49
Q

Backup (archive) bit

A

The archive bit is a file component that is activated when a file is created or changed. It indicates whether the file has been backed up since it was last modified.
A full backup resets the archive bit.
A differential backup copies those files that have changed since the full backup. However, it does not reset the archive bit, meaning it will copy them again the next day.
An incremental backup copies changed files and resets the archive bit so that it does not copy the file unless it changes again.

50
Q

Non-persistence

A

Non-persistent information system components and services are activated as required using protected information and terminated periodically or upon the end of sessions.

51
Q

RAID 0

A

Implements block striping, where data is broken into logical blocks and is striped across several drives.
- no fault tolerance.
- the total disk capacity is equivalent to the sum of the capacities of all drives in the array.
- highest performance.

52
Q

RAID 1

A

Implements disk mirroring, where a copy of the same data is recorded onto two drives.

53
Q

RAID 10

A

Combines RAID 0 (stripe) and RAID 1 (mirror) to offer mirroring and disk striping. If four or more disk drives are chosen for a RAID 1 logical drive, RAID 1+0 is performed automatically.

54
Q

RAID 5

A

Implements multiple-block striping with distributed parity. This RAID level offers redundancy with the parity information distributed across all disks in the array. Data and its parity are never stored on the same disk. In the event that a disk fails, original data can be reconstructed using the parity information and the information on the remaining disks.

55
Q

RAID 3

A

Implements block striping with dedicated parity. This RAID level breaks data into logical blocks, the size of a disk block, and then stripes these blocks across several drives. One drive is dedicated to parity. In the event that a disk fails, the original data can be reconstructed using the parity information and the information on the remaining disks.

56
Q

RAID 6

A

Similar to RAID 5, but uses two independent parity sets (one extra drive).

57
Q

Information assurance (IA)

A

Is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data.

58
Q

Nonrepudiation (IA)

A

Ensures, via encryption and/or digital signatures, that no party can deny having sent or received a message or having approved some information. A party also cannot deny the authenticity of its signature on a document.

59
Q

Data integrity (IA)

A

Is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so.
Data integrity describes data that’s kept complete, accurate, consistent and safe throughout its entire lifecycle.

60
Q

Data availability (IA)

A

Is a term used by computer storage manufacturers and storage service providers to describe how data should be available at a required level of performance in situations ranging from normal through disastrous. In general, data availability is achieved through redundancy involving where the data is stored and how it can be reached.

61
Q

Authentication (IA)

A

Is the process of determining whether someone or something is, in fact, who or what it says it is.

62
Q

Confidentiality (IA)

A

Is roughly equivalent to privacy. Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts.

63
Q

Symmetric vs Asymmetric encryption

A

Symmetric: the message is encrypted using a key and the same key is used to decrypt the message (less secure, requires a safe method to transfer the key). Fast; provides confidentiality.
Asymmetric: is based on public and private key encryption techniques. It uses two different keys to encrypt and decrypt the message. Slow; provides confidentiality, authenticity, and non-repudiation.

64
Q

Stream vs Block cipher

A

Block ciphers transform one block (64/128/256 bits) at a time, while stream ciphers convert plaintext to ciphertext one byte at a time.
Stream ciphers utilize only the confusion principle; block ciphers use both diffusion and confusion.
Stream ciphers XOR a keystream with the plaintext to create ciphertext. Block ciphers encrypt more bits at a time, making the decryption comparatively complex.

65
Q

Confusion vs diffusion principles of cryptography

A

Confusion means that each binary digit (bit) of the ciphertext should depend on several parts of the key, obscuring the connections between the two.
Diffusion means that if we change a single bit of the plaintext, then about half of the bits in the ciphertext should change, and similarly, if we change one bit of the ciphertext, then about half of the plaintext bits should change.

66
Q

DES

A

The Data Encryption Standard is a symmetric-key algorithm. Its short key length of 56 bits makes it too insecure for modern applications; it was cracked in 1999.

67
Q

3DES

A

Triple DES is a symmetric-key block cipher which applies the DES cipher algorithm three times to each data block. A CVE released in 2016 disclosed a major security vulnerability in the DES and 3DES encryption algorithms. Because of this CVE, combined with the inadequate key size of DES and 3DES, NIST deprecated DES and 3DES for new applications in 2017, and for all applications by the end of 2023.

68
Q

IDEA algorithm

A

International Data Encryption Algorithm is a symmetric-key block cipher, first described in 1991. IDEA was used in Pretty Good Privacy (PGP) v2.0 and was incorporated after the original cipher used in v1.0, BassOmatic, was found to be insecure.
IDEA operates on 64-bit blocks using a 128-bit key and consists of a series of 8 identical transformations (a round).

69
Q

Blowfish

A

Blowfish is a symmetric-key block cipher, designed in 1993. Blowfish provides a good encryption rate in software, and no effective cryptanalysis of it has been found to date.
Blowfish has a 64-bit block size and a variable key length from 32 bits up to 448 bits, 16 rounds.

70
Q

Skipjack

A

This algorithm was initially classified SECRET. The government did state that it used an 80-bit key, that the algorithm was symmetric, and that it was similar to the DES algorithm. Declassified in 1998; no longer certified for government use since 2016.
Used for the “Clipper chip”, a chipset that was developed and promoted by the NSA as an encryption device that secured “voice and data messages” with a built-in backdoor.

71
Q

RC2

A

Also known as ARC2, is a symmetric-key block cipher designed by Ron Rivest in 1987. RC2 is a 64-bit block cipher with a variable size key.

72
Q

RC4

A

RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR) is a stream cipher. RC4 became part of some commonly used encryption protocols and standards, such as WEP in 1997 and WPA in 2003/2004 for wireless cards; and SSL in 1995 and its successor TLS in 1999, until it was prohibited for all versions of TLS by RFC 7465 in 2015.

73
Q

RC5

A

Is a symmetric-key block cipher. RC5 has a variable block size (32, 64 or 128 bits), key size (0 to 2040 bits) and number of rounds (0 to 255).

74
Q

AES

A

Is a symmetric type of encryption. Even though the key length of this encryption method varies (128, 192 and 256 bits), its block size (128 bits) stays fixed.
It also uses an SPN (substitution-permutation network) structure, applying multiple rounds to encrypt data. These encryption rounds are the reason behind the impenetrability of AES, as there are far too many rounds to break through.

75
Q

Twofish

A

Is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the AES contest, but it was not selected for standardization. Twofish is related to the earlier block cipher Blowfish.

76
Q

RSA

A

(Rivest–Shamir–Adleman) is a public-key asymmetric cryptosystem that is widely used for secure data transmission. Publicly described in 1977. Key sizes: 2,048 to 4,096 bits are typical.

77
Q

Diffie–Hellman key exchange

A

A key exchange scheme (an algorithm for establishing a symmetric key): each party generates a public/private key pair and distributes the public key. After obtaining an authentic copy of each other’s public keys, they can compute a shared secret offline. The shared secret can be used, for instance, as the key for a symmetric cipher.

78
Q

Elliptic-curve cryptography (ECC)

A

Is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography to provide equivalent security.

79
Q

Digital signature

A

The result of a cryptographic transformation of data which, when properly implemented, provides the services of: origin authentication, data integrity, and signer non-repudiation.

80
Q

Steganography

A

Is an additional step that can be used in conjunction with encryption in order to conceal or protect data. Steganography is a means of concealing secret information within (or even on top of) an otherwise mundane, non-secret document or other media to avoid detection.
Can be divided into five types: Text, Image, Video, Audio, Network.

81
Q

Key Stretching

A

Techniques are used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources (time and possibly space) it takes to test each possible key.
One way is to apply a cryptographic hash function or a block cipher repeatedly in a loop. Another way is to use cryptographic hash functions that have large memory requirements.

82
Q

Perfect Forward Secrecy (PFS)

A

Also called forward secrecy (FS), refers to an encryption system that changes the keys used to encrypt and decrypt information frequently and automatically. This ongoing process ensures that even if the most recent key is hacked, a minimal amount of sensitive data is exposed.

83
Q

Homomorphic encryption

A

Is a form of encryption that permits users to perform computations on encrypted data without first decrypting it.

84
Q

Ephemeral key

A

The key that is generated for each execution of a key establishment process. In some cases ephemeral keys are used more than once, within a single session (e.g., in broadcast applications) where the sender generates only one ephemeral key pair per message and the private key is combined separately with each recipient’s public key.

85
Q

Block Cipher Mode of Operation

A

A block cipher mode of operation defines how the different blocks of a multi-block plaintext should be encrypted and decrypted.
ECB mode is the simplest and fastest, but it preserves plaintext patterns (the well-known penguin picture). Its approach to multi-block plaintexts is to treat each block of the plaintext separately.
CBC mode eliminates this problem by carrying information from the encryption or decryption of one block to the next. Turns the block cipher into a stream cipher.

86
Q

Lightweight cryptography

A

Also known as lightweight encryption, is a form of encryption designed for resource-constrained devices. Lightweight encryption technology uses less memory, fewer computing resources, and a smaller amount of power to provide secure solutions for limited resources in a network.

87
Q

Data at rest vs in transit

A

Data at rest is safely stored on an internal or external storage device. Data in transit, also known as data in motion, is data that is being transferred between locations over a private network or the Internet.

88
Q

Telemetry

A

Data collected from a network environment that can be analyzed to monitor the health and performance, availability, and security of the network.

89
Q

DNS sinkhole

A

A mechanism aimed at protecting users by intercepting DNS requests that attempt to resolve known malicious or unwanted domains and returning a false, or rather a controlled, IP address.

90
Q

Attestation

A

The ability to prove that the hardware a party is connecting with is really the hardware that is expected.

91
Q

Federation

A

Instead of maintaining your own database of usernames and passwords, you can use authentication information that’s already held at a different site.

92
Q

Supervisory control and data acquisition (SCADA) / Industrial control system (ICS)

A

Computer-based system for gathering and analyzing real-time data to monitor and control equipment that deals with critical and time-sensitive materials or events.

93
Q

Real-Time Operating System (RTOS)

A

OS with two key features: predictability and determinism. Repeated tasks are performed within a tight time boundary. We know how long a task will take, and that it will always produce the same result.

94
Q

Data destruction and media sanitization

A

● Pulping – Reduces paper to a liquid slurry. Can then be safely recycled.
● Pulverizing – Using hydraulic or pneumatic action to reduce the materials to loose fibers and shards. Disadvantage: cost.
● Degaussing – Using a large magnet to remove data from magnetic storage media such as hard drives and magnetic tapes.
● Purging – Removing files and all traces of data (sanitization).
● Wiping – Overwriting data. Data is replaced (often with random 0’s and 1’s) and then removed.