Security Architecture Flashcards

Domain 3, Chapters 10-13

1
Q

Cloud computing

A

Cloud computing is a flexible and scalable technology that allows access to and storage of data and applications over the internet.

Third-party vendors: Integrating external services into the cloud environment

Chapter 10

2
Q

What is a cloud responsibility matrix?

A

Responsibility matrix: Defining roles and responsibilities in cloud management

When utilizing cloud services, you shift some security responsibilities to your cloud provider. The extent of your direct responsibility and what you delegate can vary based on the type of service you use.

Chapter 10

3
Q

What is a hybrid-cloud model?

A

Hybrid considerations: Balancing on-premises and cloud resources

With a hybrid-cloud model, an organization maintains a presence both on-premises and in the cloud.

Chapter 10

4
Q

What are the four considerations regarding utilizing third-party vendors in a hybrid-cloud?

A

Data Breaches: Perhaps the most notorious risk, a vendor’s lax security practices can lead to data breaches, compromising sensitive customer or organizational information. Such breaches can result in financial losses, reputational damage, and regulatory repercussions.
Security Vulnerabilities: Vendors may introduce security vulnerabilities into an organization’s systems through the software or services they provide. These vulnerabilities can become potential entry points for cybercriminals seeking unauthorized access. An example of security vulnerabilities introduced by vendors could be a software update that inadvertently opens a backdoor for hackers.
Compliance Challenges: When vendors fail to adhere to industry-specific regulations or legal requirements, organizations may find themselves unwittingly non-compliant and therefore subject to fines and potentially embroiled in legal disputes.
Operational Disruption: Dependence on a vendor for critical services or products can result in operational disruption if the vendor experiences downtime or operational issues. A single point of failure, such as a failure of the power system, can have far-reaching consequences.

Chapter 10

5
Q

Infrastructure as code (IaC)

A

Automating infrastructure provisioning and management

The practice of defining and managing IT infrastructure through machine-readable code or scripts. IaC is written in languages such as YAML and JSON. Gone are the days of manual, error-prone infrastructure provisioning or configuration. With IaC, infrastructure components (from servers and networks to databases and storage) are defined in code, enabling automation, scalability, and repeatability.

Chapter 10

6
Q

What is Serverless computing?

A

Leveraging serverless computing for scalable applications

In a serverless environment, there’s no need to provision, configure, or manage servers as the cloud provider handles all these aspects of server management, including scaling resources up or down to meet demand.

Chapter 10

7
Q

What is Microservices architecture?

A

Building applications as small, independent services

Microservices architecture involves breaking down an application into a collection of smaller, self-contained services that communicate with each other through well-defined APIs. Each microservice is responsible for a specific business capability, such as user authentication, payment processing, or data retrieval. These services operate independently, enabling developers to work on them separately without disrupting the entire application.

Chapter 10

8
Q

What is physical isolation in Network infrastructure?

A

Designing and securing cloud network architecture

Physical isolation: Separating resources physically for enhanced security
Air-gapped: Isolating systems from external networks for security

Reminder: In an air-gapped network, each computer has no connectivity and data is placed on and taken off the computer using removable devices.

Chapter 10

9
Q

Describe the two types of Logical Segmentation.

A

Subnetting: Subnetting is the process of breaking down a network into smaller networks called subnets. This can give you a higher level of security by reducing the broadcast domain, the area where devices can broadcast to each other. Imagine a fast-spreading virus. Using subnets can help contain the virus and prevent it from affecting too many devices.
Virtual Local Area Network (VLAN): A VLAN is established through the software on a network switch. It allows you to group multiple network ports together, effectively creating a distinct and separate network within the larger network. This method of network division aids in controlling traffic flow and segregating communications for distinct functions or device groups. Each individual VLAN has an identification tag, which is readable by switches. Data packets include the VLAN identification tag so that when traffic arrives at the switch, the switch knows where to direct it.

Chapter 10

10
Q

Software-Defined Networking (SDN)

A

Software-defined networking (SDN): Implementing flexible network management in the cloud

Management Plane: The management plane orchestrates network intelligence effortlessly by monitoring the network traffic.
Control Plane: The control plane, often embodied by an SDN controller, serves as the network’s “brain.” It is a centralized entity that makes high-level decisions about traffic routing, network policies, and resource allocation, based on a set of rules set by administrators. This abstraction provides network administrators with a global, bird’s-eye view of the network and a single point from which to apply changes.
Data Plane: The data plane consists of network devices such as switches, routers, and access points. It is responsible for forwarding data packets based on the instructions received from the control plane. Unlike traditional networking, where control and data planes are tightly integrated, SDN separates them, allowing for programmable and dynamic control over the network’s behavior, including that of both resource allocation and security.

Chapter 10

11
Q

Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA)

A

IoT: Integrating Internet of Things devices into on-premises systems
Industrial control systems (ICS)/supervisory control and data acquisition (SCADA): Managing critical infrastructure and data acquisition systems

Supervisory Control and Data Acquisition (SCADA) systems are sophisticated automated industrial control systems (ICS) that encompass various stages of production. These systems play a pivotal role in monitoring, managing, and controlling industrial processes, allowing for seamless coordination and oversight across different phases of production, from raw material handling to product assembly and quality control. The SCADA system runs on the same software as client computers and is vulnerable to the same threats.

Chapter 10

12
Q

Real-Time Operating System (RTOS)

A

Operating systems designed for real-time, mission-critical tasks

RTOS is a specialized OS designed for applications for which timing is of paramount importance, such as light control or navigation systems, where everything happens in real time.
Unlike general-purpose operating systems such as Windows or Linux, which prioritize tasks based on priority levels, RTOS ensures that high-priority tasks are executed within a predetermined time frame.

Chapter 10

13
Q

Embedded Systems

A

Incorporating specialized computing into hardware devices

Embedded systems are specialized computing systems designed for specific tasks within a broader system or product.

Chapter 10

14
Q

What are 12 Considerations for your infrastructure?

A

Availability: You must ensure that data remains available at all times.
Resilience: Preparing for and recovering from disruptions or failures
Cost: Managing expenses and optimizing cloud spending
Responsiveness: Achieving quick and efficient system responses
Scalability: Adapting resources to accommodate changing demands
Ease of deployment: Simplifying the process of launching new services
Risk transference: Shifting or mitigating risks through cloud services
Ease of recovery: Streamlining recovery processes after failures or incidents
Patch availability: Ensuring timely access to software updates and patches
Inability to patch: Addressing challenges when patches cannot be applied.
Power: Managing power requirements for cloud infrastructure
Compute: Optimizing and balancing computational resources in the cloud

Chapter 10

15
Q

Infrastructure considerations

A

Key network design factors

Chapter 11

16
Q

Device placement: what are the three zones?

A

Where devices are located

The network is divided into three separate zones, Local Area Network (LAN), screened subnet, and Wide Area Network (WAN), and your devices should be placed in these zones depending on the security requirements,

Chapter 11

17
Q

Security zones

A

Network segments with distinct security policies

Each of these zones possesses its own security policies, access controls, and trust levels. These zones compartmentalize a network, dividing it into manageable segments and reducing the extent of access and privileges granted to users, devices, or systems.

Reminder: Ensure that you know your network appliances and where they reside on the network.

Chapter 11

18
Q

What are 7 Attack surfaces?

A

Vulnerable points exposed to threats

Endpoints: Devices such as computers, smartphones, and IoT devices that connect to the network are primary targets. Vulnerabilities in endpoint operating systems, software, or configurations can provide a foothold for attackers.
Network services: Services such as web servers, email servers, and VPN gateways expose themselves to the internet, becoming potential entry points. Inadequate patching, misconfigurations, or outdated software can lead to exploitation.
Ports and protocols: Open ports and protocols on network devices create opportunities for attackers to probe and exploit weaknesses. Unnecessary open ports or unused services should be closed or disabled.
User accounts and credentials: Weak or compromised passwords pose a significant security risk as attackers may employ brute-force attacks or phishing to obtain legitimate credentials and gain unauthorized access.
Third-party integrations: Integrations with external services or third-party applications can introduce vulnerabilities. Regular security assessments and audits are crucial.
Cloud services: As organizations migrate to the cloud, cloud-based assets become potential targets. Misconfigured cloud resources can expose sensitive data.
Human factor: Employees, whether through ignorance or malicious intent, can inadvertently contribute to the attack surface. Security awareness training is an essential preventative measure.

Chapter 11

19
Q

Connectivity

A

Network connections between devices

Connectivity is more than just wires, cables, and data packets. It defines how devices, systems, and people interact within a networked ecosystem. It encompasses wired and wireless connections, cloud integrations, remote access, and the intricate web of pathways through which information flows.

Chapter 11

20
Q

Failure modes

A

How devices respond to failures

Fail-open: Device allows traffic on failure
Fail-closed: Device blocks traffic on failure

Remember that fail-open mode may result in a security vulnerability.

Chapter 11

21
Q

Device attribute: Device characteristics

A

Active vs. passive: Device interaction level
Inline vs. tap/monitor: Traffic handling approach

Active devices: Active devices are a proactive force within your network security arsenal. They actively intervene and act when potential threats are detected. These devices can block or mitigate threats in real time, helping to maintain the integrity and security of your network. Examples of active devices include firewalls (which actively block unauthorized access attempts) and IPSs, which actively detect and prevent known attack patterns.
Passive devices: Passive devices are observers. They monitor network traffic, analyze patterns, and provide insights into potential threats and vulnerabilities. Unlike active devices, passive devices do not take immediate action to block threats; they are instead focused on visibility and analysis. An example of a passive device is an IDS, which has sensors and collectors that analyze network traffic for suspicious behavior without actively blocking it.
Inline: Inline devices are placed directly in the data path of network traffic. They actively process traffic as it flows through the network, making real-time decisions about whether to allow or block data packets. Examples of inline devices include firewall appliances, which actively control inbound and outbound traffic, and load balancers, which distribute network traffic across multiple servers and IPSs.
Tap/monitor: Tap or monitor devices, as the name suggests, do not interfere with the flow of network traffic. Instead, they “tap” into the traffic and duplicate it for analysis or monitoring purposes. These devices provide visibility without affecting the original data flow. An example of a tap/monitor device is a network packet analyzer (packet sniffer), which captures and analyzes network traffic for troubleshooting or security analysis.

Chapter 11

22
Q

Network appliances: Devices with specific functions

A

Jump server: Secure access intermediary
Proxy server: Intermediary for client-server requests
A proxy server is a server that acts as an intermediary between clients seeking resources on the internet or an external network. It serves as a go-between, making requests on behalf of clients while ensuring that external servers do not have direct knowledge of the requesting host. The proxy server maintains a log file of these requests to allow administrators to track users’ internet usage.
Reverse proxy server: The flow of traffic from a reverse proxy is incoming traffic from the internet coming into your company network. The reverse proxy is placed in a boundary network called the screened subnet. It performs the authentication and decryption of a secure session to enable it to filter the incoming traffic.
IPS/IDS: Intrusion prevention and detection
IPS: An IPS protects the network by identifying suspicious activities, but it also takes swift action to actively block or mitigate threats, ensuring that the network remains resilient against potential threats. The IPS is placed very close to the firewall and is known as inline as the data traffic flows through the network.
IDS: The IDS is passive as it uses sensors and collectors to detect suspicious or unauthorized activities, sounding the alarm when potential threats are discovered. Both the IPS and IDS can be network-based, though, in these instances, they are known as NIDS and NIPS and can protect the network but not the host. The host versions of these systems are HIDS and HIPS. As expected, they can only protect the host and not the network.
Load balancer: Distributes network traffic evenly
As its name suggests, a network load balancer is a device that is used to balance the load when there is a high volume of traffic coming into the company’s network or web server. It does this by using information in the data packets to make decisions about where to forward traffic. The Layer 4 load balancer only forwards the traffic by using the information in the packet header, such as the destination address or port number. The more sophisticated Layer 7 load balancer can forward the traffic based on content-based routing, making it highly suitable for load balancing web applications, APIs, and services that require application-level awareness.

Chapter 11

23
Q

Sensors

A

Monitor network traffic for anomalies

24
Q

What are the four ways to protect physical network ports?

A

Sticky MAC: Sticky MAC addresses simplify the port security process by storing the MAC addresses of authorized devices. When a device connects to a port, its MAC address is recorded and associated with that port. Subsequent connections from the same device are automatically permitted. If a different device attempts to connect to the same port, it is denied access as its MAC address does not match the recorded “sticky” MAC address.
Disabling ports: In a proactive approach to network security, the administrator regularly reviews port security settings, occasionally disabling ports or removing patch panel cables that lead to unused areas of the building to ensure that potential vulnerabilities remain tightly controlled.
802.1x authentication: 802.1x offers a more flexible and secure method of network access control and introduces an authentication process (using a RADIUS server) that occurs before a connection is established. This process involves the identity verification of the user or device seeking network access, employing the concepts of “supplicants” (devices seeking access), “authenticators” (network devices), and an “authentication server” (which verifies supplicant credentials). Authentication is typically achieved through certificates, which ensure that only authorized devices can connect to the network. One key advantage of 802.1x is that it doesn’t disable switch ports but rather selectively permits or denies access based on authentication status. This preserves the full functionality of the switch while maintaining robust security.
Extensible Authentication Protocol (EAP): EAP enhances the security concepts of 802.1x by ensuring that authentication processes are standardized and interoperable across various network devices and platforms. EAP allows organizations to choose from various authentication methods, such as EAP-TLS (TLS stands for Transport Layer Security), EAP-PEAP (PEAP stands for Protected Extensible Authentication Protocol), and EAP-MD5.

Chapter 11

25
Q

Five Firewall types

A

WAF: The purpose of the WAF is to protect your web server and the web-based applications running on your web server from attack. The WAF shields your web applications and websites from an onslaught of cyber threats, safeguarding them against attacks such as SQL injection, Cross-Site Scripting (XSS), and DDoS assaults. The WAF operates at Layer 7 (that is, the application layer) of the Open Systems Interconnection (OSI) reference model.
UTM: UTM is a firewall that can provide malware inspection, DLP, content filtering, and URL filtering. UTM is the go-to when you need an all-in-one security solution to simplify your defense strategy.
NGFW: The NGFW is a powerhouse in network security, operating at Layer 7 with the added advantage of harnessing cloud-powered threat intelligence. The NGFW delivers advanced protection across both on-premises and cloud environments, facilitates TLS, and has deep packet filtering and intrusion prevention capabilities. What sets the NGFW apart is its ability to maintain robust security on site, utilizing advanced behavioral analysis and user behavior monitoring. These proactive measures ensure the early detection and mitigation of potential insider threats to protect sensitive data from compromise.
Layer 4: A Layer 4 firewall (often referred to as a “stateless firewall”) is the gatekeeper of network traffic, entrusted with the straightforward yet critical mission of basic packet filtering. It’s primarily focused on determining whether incoming or outgoing packets should be permitted based on predefined rules. It ensures that the TCP/IP three-way handshake takes place and determines access on the type of packets coming in. It is therefore known as a packet filtering firewall. It does not provide deep packet inspection.
Layer 7: A Layer 7 firewall, also known as an application firewall, inspects network traffic at the application layer, enabling deep packet inspection to identify and control specific applications, user activities, and content, enhancing security and control in modern networks.

Chapter 11

26
Q

Secure communication/access: Protects data and access

A

Virtual private network (VPN): Secure remote access
Remote access: Connecting to a network remotely
Tunneling: Secure data transmission method
Transport Layer Security (TLS): Data encryption protocol
Internet protocol security (IPSec): Secure network protocol
Software-defined wide area network (SD-WAN): Dynamic network management
Secure access service edge (SASE): Cloud-based network security

REMINDER: Remember that SSH is the most secure and versatile remote access protocol and can be enhanced by implementing SSH keys.

Chapter 11

27
Q

Two main categories of controls

A

Preventative controls: Preventative controls are placed at the network perimeter to defend against potential threats before they breach the network. These controls reside on network routers, switches, and dedicated appliances, and they tirelessly scrutinize incoming and outgoing traffic, ensuring that only legitimate data is permitted. Devices that can be used for this purpose include firewall appliances, IPSs, and ACLs.
Detective controls: Detective controls are located within the network to track whether an adversary has potentially infiltrated it. These controls monitor and analyze network activities to identify security incidents and will alert the Security Operation Centers (SOCs) if they detect any signs of unauthorized access or malicious activity. Devices that can be used for this purpose include IDSs, SIEM systems, and log analyzers.

Chapter 11

28
Q

5 different types of data require differing concerns

A

Regulated: Governed by specific laws and regulations
Trade secret: Proprietary and confidential business information
Intellectual property: Unique creations such as patents, copyrights, and trademarks
Legal information: Related to the law and legal matters
Financial information: Data about monetary transactions

Chapter 12

29
Q

Data types are classified into what two broad classifications?

A

Human-readable data: This is information that can be easily understood by humans, such as text, images, and audio. This data is then encrypted for security.
Non-human-readable data: This data includes binary code, machine language, and encrypted data. To protect non-human-readable data, cryptographic algorithms, secure key management, and secure hardware modules are essential to safeguard sensitive information.

Chapter 12

30
Q

6 Data classifications: Based on who should be able to access it and the potential consequences of a breach

A

Sensitive: Requires protection due to privacy or security concerns
Confidential: Highly restricted access, often legally protected
Public: Open and accessible to anyone
Restricted: Limited access to authorized users
Private: Restricted access, not public
Critical: Vital for an organization’s functioning

Chapter 12

31
Q

Three General Data Considerations

A

The context in which data resides

Data states: Data at rest, in transit, and in use
Data sovereignty: Compliance with the national laws of the country where the data is located
Geolocation: Determining the physical location of data or devices

Chapter 12

32
Q

Methods to secure data: 8 differing ways we can keep data safe

A

Geographic restrictions: Limiting data access based on location
Encryption: Transforming data into unreadable code
Hashing: Creating unique fixed-length output
Masking: Concealing sensitive data
Tokenization: Replacing with randomized data, called tokens
Obfuscation: Making data confusing or unclear
Segmentation: Isolating data for protection
Permission restrictions: Controlling who can access data

Chapter 12

33
Q

High availability and two ways to achieve it

A

Continuous system operation with minimal downtime or disruptions

Load balancing: Distributing work for optimal system performance
Clustering: Nodes collaborate for high availability and fault tolerance

Chapter 13

34
Q

Site considerations

A

Different site options for disaster recovery planning:
Hot: Fully equipped backup site, ready for immediate use
Cold: Inactive backup site, minimal resources, longer setup
Warm: Partially equipped backup site, faster setup than cold
Geographic dispersion: Spreading resources across multiple locations for resilience

Chapter 13

35
Q

What are the 5 benefits of Platform diversity?

A

Implementing diverse technologies for resilience

Redundancy: Diversifying your technology platforms ensures that a single point of failure doesn’t bring down your entire security infrastructure. If one platform faces a disruption, others can step in to maintain the integrity of your defenses.
Adaptability: Different platforms are designed for various purposes, and their adaptability can be harnessed to counter different types of threats. Whether it’s leveraging specialized hardware for encryption or using diverse software solutions for monitoring, each platform contributes to your overall security posture.
Resilience against evolving threats: Cyber threats constantly evolve, seeking vulnerabilities in specific platforms. By diversifying your technology stack, you can reduce the risk of falling victim to a single type of attack or exploit.
Enhanced recovery options: In the event of a breach or disaster, having diverse platforms can facilitate a quicker recovery. Having multiple technology avenues to restore operations allows for greater flexibility in crafting recovery strategies.
Compliance and regulation: Certain regulatory frameworks and industry standards may require diversity in security measures. A diversified platform approach can help ensure compliance with these requirements. For example, an organization could use different types or brands of firewalls within their network security infrastructure to ensure layered protection and reduce the risk of a single firewall vulnerability compromising security.

Chapter 13

36
Q

What are 4 benefits of utilizing Multi-cloud systems?

A

Leveraging multiple cloud providers for redundancy

Resilience against downtime: One of the primary advantages of multi-cloud systems is resilience. By spreading workloads across multiple providers and regions, organizations can ensure that a localized failure or outage at one provider does not result in complete downtime. This redundancy translates to enhanced uptime and reliability.
Flexibility and choice: Multi-cloud adoption grants organizations the freedom to choose the most suitable cloud services for each specific task or application. It’s like having a toolkit with a variety of specialized tools. You simply need to select the right one for the job at hand.
Cost optimization: Multi-cloud strategies can be cost-effective. Organizations can take advantage of competitive pricing and negotiate better deals with multiple providers. Additionally, they can scale resources up or down according to their needs.
Avoiding Vendor Lock-In: Relying on a single cloud provider can sometimes lead to vendor lock-in, which makes it challenging to migrate elsewhere if needed. Multi-cloud systems mitigate this risk by maintaining a level of independence from any single provider.

Chapter 13

37
Q

What are 4 essential features of Continuity of operations (COOP)?

A

Maintaining seamless functionality during disruptions

Resilience and redundancy: COOP aims to build resilience into an organization’s infrastructure, systems, and processes. This includes redundancy in critical systems, data backups, and alternate communication methods. The goal is to reduce single points of failure.
Communication plans: Effective communication is vital during a crisis. COOP includes well-defined communication plans that ensure information flows smoothly within the organization and to external stakeholders. This helps maintain trust and transparency during challenging times.
Personnel preparedness: COOP involves training personnel to carry out their roles during disruptions. This includes cross-training, developing clear responsibilities, and ensuring that key personnel are available, even during emergencies. Organizations simulate disruptions to evaluate their ability to execute the plan and make improvements as necessary.
Review and updates: Regular reviews and updates are essential to keep the plan aligned with current risks and organizational changes.

Chapter 13

38
Q

What are the 4 things to consider for Capacity planning for people?

A

Skill set assessment: Effective capacity planning starts with a thorough evaluation of the skills and competencies of the workforce. Organizations must identify the gaps and anticipate skill requirements for upcoming projects or restructuring.
Workload distribution: Understanding the workload distribution is essential. Capacity planning ensures that employees are not overburdened, which can lead to burnout, or underutilized, which is inefficient.
Talent acquisition and development: To meet future demands, organizations must proactively acquire new talent and invest in employee development. This ensures that the workforce remains adaptable and equipped for evolving roles.
Succession planning: Succession planning refers to the identification of potential leaders within the organization. This helps ensure a seamless transition of key roles by preventing disruptions in leadership.

Chapter 13

39
Q

What are 4 things to consider for Capacity planning for technology?

A

Resource scalability: Organizations must be prepared to scale their technology resources as demand fluctuates. This might involve cloud computing, virtualization, or scalable software solutions.
Hardware and software upgrades: Regularly assessing and upgrading hardware and software is crucial. Obsolete technology can hinder performance and efficiency.
Security and compliance: Capacity planning includes strengthening cybersecurity measures and ensuring compliance with data protection regulations to safeguard the organization against threats and legal repercussions.
Innovation and emerging technologies: Staying ahead in the digital landscape requires a focus on innovation. Capacity planning accounts for the integration of emerging technologies to maintain competitiveness.

Chapter 13

40
Q

What are 3 things to consider for Capacity planning for infrastructure?

A

Facility expansion and optimization: Organizations must plan for facility expansions or consolidations as the workforce grows and changes in remote working trends occur.
Energy efficiency: Capacity planning also involves improving energy efficiency in data centers and facilities to reduce operational costs and environmental impact.
Disaster recovery: Ensuring that infrastructure can withstand and recover from natural disasters or other disruptions is vital for business continuity.

Chapter 13

41
Q

What are 4 methods for Testing resilience and recovery?

A

Assessing readiness through various simulation exercises
Tabletop exercises: Scenario discussions for response preparedness
Failover: Seamless transition to backup systems during disruption
Simulation: Realistic incident replication for training and evaluation
Parallel processing: Concurrent task execution for optimized performance

Chapter 13

42
Q

What are 7 important Backup features?

A

Safeguarding data with secure and regular copies:
On-site/off-site: Data backup locations for redundancy and security
Frequency: Regular backup intervals for data preservation
Encryption: Data protection through secure coding and algorithms
Snapshots: Point-in-time copies for data recovery and analysis
Recovery: Swift restoration of systems after incidents
Replication: Duplicate data for real-time redundancy
Journaling: Record changes for precise data recovery tracking

Chapter 13

43
Q

What 3 devices help with maintaining equipment Power?

A

Ensuring consistent energy supply for operations:
Generators: Backup power source for sustained functionality during outages
Uninterruptible Power Supply (UPS): Immediate power backup for critical systems
Power Distribution Units (PDUs): Their primary function is to maintain a balanced distribution of power, guard against the perils of overload and overheating, and thereby enhance the safety and longevity of connected equipment

Chapter 13