Security Architecture Flashcards
Identity and Access Management (IAM)
Frameworks and processes to control and manage user identities and access to resources
Endpoint Detection and Response (EDR)
A solution to monitor and respond to threats on endpoint devices
Network Access Control (NAC)
A solution to enforce security policies on devices trying to access the network
Cloud Access Security Broker (CASB)
A tool for monitoring and enforcing security policies for cloud-based applications and data
Shared Responsibility Model
A framework where cloud providers and customers share security responsibilities
Container Security
Protecting containerized applications and their environments from vulnerabilities and threats
Identity Federation
Linking a user’s identity across multiple systems, often used in cloud services
Serverless Security
Securing applications that run on serverless computing platforms by addressing unique risks
Security Incident and Event Management (SIEM)
A tool for aggregating and analyzing security event data in real time
Blockchain Security
Protecting data integrity and transactions within a blockchain network
802.1X
A network access control protocol used for port-based authentication on wired and wireless networks
DNS Security Extensions (DNSSEC)
A protocol to secure DNS by adding digital signatures to DNS records
Proxy Servers
Devices that act as intermediaries for requests between clients and servers to enhance security and performance
Perfect Forward Secrecy (PFS)
A feature ensuring that a session key cannot be compromised even if the private key is exposed
Cipher Suite
A set of cryptographic algorithms used to secure network communications
HMAC (Hash-based Message Authentication Code)
A cryptographic algorithm for verifying data integrity and authenticity
Ephemeral Keys
Temporary encryption keys used for a single session to enhance security
Threat Avoidance
Anticipating and addressing potential security issues during the design phase of a system
Software Defined Perimeter (SDP)
A security approach that creates dynamic and user-specific perimeters for network access
Federated Identity
A single identity across multiple systems or organizations, allowing seamless access
Trusted Platform Module (TPM)
Provides hardware-based cryptographic functions for secure key storage and system integrity
Secure Enclave
A trusted execution environment for isolating sensitive processes and data
Software-Defined Networking (SDN)
Centralized control of network traffic allows for dynamic security policies
Privileged Access Management (PAM)
Securely manages and audits privileged user accounts