Security Architecture Flashcards

1
Q

ISO/IEC 27001

A

Global enterprises/companies. Information security management system (ISMS)

2
Q

NIST (CSF)

A

National Institute of Standards and Technology. Cybersecurity Framework. For the U.S. government. Best risk management guidelines.

3
Q

CIS Controls

A

Network, OS. Business. IT security teams (what rules they have in security).

4
Q

PCI-DSS

A

Payment Card Industry Data Security System. Protecting credit card transactions. Banks

5
Q

HIPAA

A

Health Insurance Portability & Accountability Act. Healthcare data security. Hospitals

6
Q

MITRE ATT&CK

A

Rules for SOC teams and cyber threat analysts.

7
Q

5 Core functions of NIST

A
  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover
8
Q

Bell-LaPadula Model

A

Enforces confidentiality (no read up, no write down). Military and government.

9
Q

Biba Model

A

Enforces integrity. No write up, no read down. Preventing low-trust users

10
Q

Clark-Wilson Model

A

Ensures well-formed transactions & separation of duties. Financial transactions.

11
Q

Brewer-Nash Model (Chinese Wall)

A

Prevents conflicts of interest in data access (financial and legal companies).

12
Q

MAC

A

Mandatory Access Control - restricts access based on security labels. Government/military.

13
Q

DAC

A

Discretionary AC. User-based permission control. Windows file sharing.

14
Q

RBAC

A

Role-Based AC - access based on job positions. Companies.

15
Q

ABAC

A

Attribute-Based AC - location, device, risk level. Cloud security, dynamic access policies.

16
Q

CIA

A

Confidentiality - protects from unauthorized access
Integrity - data remains accurate and unaltered
Availability - data and systems are accessible when needed

17
Q

Data Classification Levels

A
  1. Public - no restrictions (marketing sites)
  2. Internal Use Only - low risk (company policies)
  3. Confidential - restricted to specific groups in the company
  4. Highly Confidential - government secrets, financial data
18
Q

Symmetric encryption

A

Uses SINGLE (public) key. (AES-256 for file encrypting) (fast, less secure)

19
Q

Asymmetric encryption

A

Uses a public and private key pair. RSA for email encryption.

Public key encrypts, private key decrypts.

20
Q

Transport Encryption

A

Encrypts data in transit (TLS, SSL for web browsing).

21
Q

Disk encryption

A

Encrypts data at rest (BitLocker, FileVault).

22
Q

DLP

A

Data Loss Prevention

23
Q

Endpoint DLP

A

Protects data on DEVICES (blocks USB drives, screenshots).

24
Q

Network DLP

A

Monitors data leaving the network.

25
Q

Cloud DLP

A

Prevents cloud leaks.

26
Q

BDR

A

Backup and Disaster Recovery

27
Q

3-2-1 Rule

A

3 copies of data: 2 on different storage types (one in the cloud, the second on an SSD disk); the third one is offsite.

28
Q

DRP (Disaster Recovery Plan)

A

Plan to recover from data loss events.

29
Q

Full Backup

A

Copies the entire system (once a week).

30
Q

Incremental Backup

A

Saves only the changes from the last backup.

31
Q

Differential Backup

A

Saves all the changes since the last full backup.

32
Q

Tokenization

A

Replaces real data with tokens (used for credit cards).

33
Q

Masking

A

Hides parts of data (only show the last 4 digits of a social security number).

34
Q

GDPR

A

General Data Protection Regulation - protects EU citizens' data privacy.

35
Q

CCPA

A

California Consumer Privacy Act - grants California residents control over personal data.

36
Q

SOX

A

Integrity of financial records for public companies.

37
Q

RPO

A

Recovery Point Objective. Maximum data loss allowed.

(How much data is allowed to be lost, measured in time: “we can only lose 30 min of data”.)

38
Q

RTO

A

Recovery Time Objective.
Maximum downtime allowed.

39
Q

HA

A

High Availability.
Ensures continuous system availability through failover mechanisms.

39
Q

Redundancy

A

Having backup systems in place (multiple data centers).

40
Q

IRP

A

Incident Response Planning.
Documented procedures for responding to security incidents.

41
Q

Security awareness training

A

Train your employees to recognize threats.

42
Q

ZTA

A

Zero Trust Architecture.
Every access is verified.

43
Q

Disaster Recovery Plan Steps (DRP)

A
  1. Risk Assessment - identify threats
  2. Business Impact Analysis (BIA) - evaluate the impact of a disaster
  3. Recovery Strategies - backup solutions, failover systems
  4. Testing & Training - ensure readiness
  5. Plan Maintenance - update the plan regularly based on lessons learned
44
Q

Failover systems

A

Automatically switch to a standby system in case of failure.

45
Q

Clustering

A

Many servers work together as a single system.

46
Q

RAID

A

Redundant Array of Independent Disks.

Protects against disk failures.

47
Q

Need to Know

A

Restricts access within a role when it is unnecessary.