Security Architecture Flashcards
What could you implement so users within an organization can manage fewer credentials?
SSO
What is a jump server?
A secure node that sits between the untrusted network and the secure zone
What would you implement to protect internal company resources that would have no reason to be accessed by the outside?
Jump server
What would you implement to secure administrative access to internal resources while minimizing traffic through the security boundary?
Implementing a bastion host
What must be considered when designing a high-availability network?
- Ease of recovery
- Responsiveness
What is a cold site?
- The most cost-effective option for a backup data center
- A backup facility that has the necessary infrastructure but no active IT systems or data until it is needed
- Not fully equipped
What site would be best for an organization building a new backup data center with RTO and RPO values around two days?
Warm site
If a U.S.-based cloud-hosting provider wants to expand its data centers to new international locations, what should they consider first?
Local data protection regulations
What is a security measure that is put in place to satisfy the requirements of a security policy when the primary control cannot be implemented?
Compensating control
What has been implemented when a host-based firewall on a legacy Linux systems allows connections only from specific internal IP addresses?
Compensating control
What solution would fulfil the need for a low-cost application-hosting solution that is cloud-based?
Serverless framework
What should a company consider if they are considered about weather events causing damage to the server room and downtime?
Geographic dispersion
After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network, what should they disable?
Web-based administration
How should controls be set up in a data center to ensure data and human life is protected?
Safety controls should fail open
What architecture would be best suited for constantly changing environments?
Containers
What does a VPN between headquarters and a branch location protect?
Data in transit
What should a sys admin use to ensure an easy deployment of resources within the cloud provider?
Infrastructure as Code (IaC)
What are examples of ways to ensure only authorized personnel can access a secure facility?
- Badge access
- Access control vestibule
What would you implement when a customer wants their data stored on a separate part of the network that is not accessible to users on the main corporate network?
Segmentation
What is a comprehensive networking and security approach that combines WAN capabilities with security features to secure access to apps and data while offering monitoring capabilities for remote employee internet traffic?
SASE (Secure Access Service Edge)
What could you implement to reduce traffic on the VPN and internet circuit by routing traffic intelligently through the cloud, closer to the users?
SASE (Secure Access Service Edge)
What fundamental security requriement does deploying a load balancer accomplish?
Availability
What is symmetric encryption?
In this type of encryption, there is only one key, and all parties involved use the same key to encrypt and decrypt information.
What architectures should you use if you want to reduce the numbers of physical servers in use?
Virtualization
What most impacts an administrator’s ability to address Common Vulnerabilities and Exposures (CVEs) discovered on a server?
Patch availability
