Security Architecture and Engineering Flashcards

1
Q

Which type of public key (asymmetric) algorithm is “quantum resistant”?

A

Lattice

2
Q

3 Categories of Fire Detection

A
  • Smoke Sensing
  • Flame Sensing
  • Heat Sensing
3
Q

Types of Ciphers

A

Stream cipher
Block cipher
Substitution Cipher

4
Q

API types

A
  • REST
  • Web
  • SOAP
5
Q

In REST API, what does REST stand for?

A

Representational State Transfer

6
Q

About REST API

A
  • REST architectural style
    Web services for web, mobile and desktop applications
  • Uses HTTP: GET, POST, PUT, DELETE
  • Uses JSON and XML
  • Stateless client-server model
  • Scalable and easy to maintain
7
Q

When to use REST API?

A
  • Simple, non-complex applications that use CRUD operations
  • Building web services that require a stateless, scalable, and easy-to-maintain architecture.
  • Apps with CRUD (creating, reading, updating and deleting data)
  • e.g. WhatsApp
8
Q

What is Web API?

A
  • Stateless or stateful
  • Primary purpose is to provide a platform-independent interface
  • Uses HTTP, HTTPS, and TCP/IP to communicate between clients and servers
  • Doesn’t follow a special architecture or structure
  • Flexible interface
  • Good for complex applications with integration
9
Q

When to use Web API?

A

When building complex applications that require integration with different systems and technologies

10
Q

SOAP (API) stands for

A

Simple Object Access Protocol

11
Q

About SOAP API

A
  • Used for exchanging structured data between different applications
  • Uses XML
  • Wide range of data types: text, numbers, dates and binary
  • Supports HTTP, SMTP, and FTP
  • Set of rules
  • WSDL or UDDI protocol
  • Digital signatures
  • Enterprise-level apps
12
Q

When to use SOAP?

A
  • Apps that require a highly secure and reliable method of exchanging data between applications.
  • Apps with complex data structures and logic
  • Digital signatures and encryption
13
Q

CASB stands for

A

Cloud Access Security Broker.
It is a security policy enforcement solution

14
Q

CASB - 2 Primary deployment methods

A
  • On-premises solution
  • Cloud-based solution
15
Q

CASB Roles

A
  • Provide visibility into cloud use (shadow IT)
  • Data Loss Prevention (DLP) services
  • Inject encryption into the cloud
16
Q

Which type of encryption algorithm holds up to the power of quantum computing?

A
  • Symmetric
  • Shared key, bulk encryption (fast)
  • Holds up fairly well to quantum computing
17
Q

Code Vs. Cipher

A
  • Codes are sometimes secret and don’t always provide confidentiality
  • Ciphers are always meant to hide the true meaning of a message
18
Q

Examples of stream ciphers

A

Caesar
Vigenere
One-time pad
(Difference is key length)

19
Q

Fast and Strong Crypto keys

A
  • Symmetric —> Fast
  • Asymmetric —> Strong
20
Q

Hash function requirements

A
  1. They must allow input of any length
  2. Provide fixed-length output
  3. Make it relatively easy to compute the hash for any input
  4. Provide one-way functionality
  5. Must be collision free.
21
Q

DoS Examples

A
  • SYN flood attack
  • Smurf attack
  • Ping-of-death attack
  • Teardrop attack
  • Fraggle attack
  • Land attack
22
Q

An Architecture describes

A
  • The designed structure of something.
  • A system architecture, then, is a description of how specific components are deliberately put together to perform some actions.
23
Q

Client-Based Systems are

A

Embodied in applications that execute entirely on one user device, such as a workstation or smartphone.

24
Q

Server-Based Systems (client/server systems)

A

Require that two or more separate applications interact with each other across a network connection in order for users to benefit from them.

25
Q

A Database Management System (DBMS) is a

A

Software system that allows you to efficiently create, read, update and delete (CRUD) any given set of data.

26
Q

DBMS transactions

A

A term that describes the sequence of actions required to change the state of the database.

27
Q

A foundational principle in database transactions is referred to as their ACID Properties, which stands for:

A
  • A - atomicity: the entire transaction succeeds or rolls back
  • C - consistency: strictly follows all applicable rules
  • I - isolation: parallel transactions happen in isolation to avoid corruption
  • D - durability: completed transactions are stored.
28
Q

DBMS: databases introduce 2 specific issues:

A
  • Aggregation: the act of combining information from separate sources.
  • Inference: the ability to derive information not explicitly available
29
Q

DBMS:
- content-dependent access control
- context-dependent access control

A
  • content-dependent access control: based on the sensitivity of the data
  • context-dependent access control: the software understands what actions should be allowed based on the state and sequence of the request
30
Q

High-Performance Computing Systems

A

HPC is the aggregation of computing power in ways that exceed the capabilities of general-purpose computers for the specific purpose of solving large problems.

31
Q

Industrial Control Systems (ICS)

A

Consist of information technology that is specifically designed to control physical devices in industrial processes.

32
Q

Paramount for Industrial Control Systems (ICS) is

A
  1. Safety of the workers
  2. Availability
33
Q

A good resource for ensuring ICS (Industrial Control Systems) safety, security, and availability is NIST….

A

NIST SP 800-82 Revision 2

34
Q

Industrial Control Systems (ICS) 3 devices

A
  • Programmable Logic Controller (PLC)
  • Human-Machine Interface (HMI)
  • Data Historian
35
Q

Distributed Control System (DCS) is a

A

Network of control devices within fairly close proximity that are part of one or more industrial processes.

36
Q

Supervisory Control and Data Acquisition (SCADA) systems were…

A

Developed to control large-scale physical processes involving nodes separated by significant distances.

37
Q

Main Conceptual differences between DCS and SCADA are

A

Size and distances.

38
Q

SCADA systems typically involve three kinds of devices:

A
  • Endpoints (Remote Terminal Unit)
  • Backends (Data acquisition server)
  • User Stations (Human Machine Interface)
39
Q

The most important principle in defending OT systems is to isolate them from the….

A

Public Internet, either logically or physically

40
Q

Virtual systems are…

A

Those that exist in software-simulated environments

41
Q

Virtual Machines (VMs) are…

A

Entire computer systems that reside inside a virtual environment.

42
Q

Hypervisor is the…

A

Central program that controls the execution of the various guest operating systems and provides the abstraction level between the guest and host environments

43
Q

Type 1 Hypervisor…

A

Runs directly on hardware or bare metal and manages access to it by its VMs.

44
Q

Type 2 Hypervisor…

A

Runs as an application on an OS

45
Q

Hypervisors allow you to have…

A

One computer running several different operating systems at one time

46
Q

Containerization

A
  • As Virtualization matured, a new branch called containerization emerged. A container is an application that runs in its own isolated user space.
47
Q

Example of Container
(Big names)

A
  • Docker on the commercial side
  • Kubernetes as the open-source alternative
48
Q

NIST on Container…Application Container Security Guide

A

NIST SP 800-190

49
Q

Microservices…

A

A common use of containers is to host microservices, which is a way of developing software where, rather than building one large enterprise application.

50
Q

Microservices….log aggregation

A

Whereas microservices are decentralized, we want to log them in a centralized fashion so we can look for patterns that span multiple services and may point to malicious intent.

51
Q

Serverless

A

In a serverless architecture, the services offered to end users, such as compute, storage, or messaging, along with their required configuration and management, can be provided without requiring the user to set up any server infrastructure.

52
Q

Cloud Computing is the

A

Use of shared, remote computing devices for the purpose of providing improved efficiencies, performance, reliability, scalability, and security.

53
Q

There are generally three models for cloud computing services; they are

A
  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)
54
Q

Cloud Deployment Models

A
  • A Public Cloud
  • A Private Cloud
  • A Community Cloud
  • A Hybrid cloud
55
Q

Pervasive Systems

A

Pervasive computing (ubiquitous computing or ubicomp) is the concept that small (even tiny) amounts of computing power are spread out everywhere: computing is embedded into everyday objects that communicate with each other, often with little or no user interaction, to do very specific things for particular customers.

56
Q

Embedded systems
(aka Cyber-Physical Systems)

A

Is a self-contained computer system (that is, it has its own processor, memory, and I/O devices) designed for a very specific purpose.

57
Q

IoT (Internet of Things)

A

IoT is the global network of connected embedded systems.

Each node is connected to the internet and is uniquely addressable

58
Q

Issues with IoT

A
  • Authentication
  • Encryption
  • Updates
59
Q

Distributed Systems

A
  • Is one in which multiple computers work together to do something.
  • We could then say that a distributed system is any system in which multiple computing nodes, interconnected by a network, exchange information for the accomplishment of collective tasks.
  • Another approach to distributed computing is found in peer-to-peer systems, which are systems in which each node is considered an equal to all others.
60
Q

Popular examples of peer-to-peer systems

A
  • BitTorrent
  • The Onion Router (Tor)
  • Cryptocurrencies like Bitcoin
61
Q

Edge Computing Systems

A

Is a distributed system in which some computational and data storage assets are deployed close to where they are needed in order to reduce latency and network traffic.

62
Q

Edge Computing architecture has 3 layers

A
  1. End devices
  2. Edge Devices
  3. Cloud Infrastructure
63
Q

Cryptography is the

A

Practice of storing and transmitting information in a form that only authorized parties can understand

64
Q

Cryptanalysis is the

A

Name collectively given to techniques that aim to weaken or defeat cryptography

65
Q

Together Cryptography and Cryptanalysis comprise….

A

Cryptology

66
Q

Around 600 B.C. the Hebrews invented a cryptographic method called…

A

Atbash

67
Q

Atbash is an example of a ________ cipher

A

Substitution

68
Q

Monoalphabetic substitution uses

A

Only one alphabet

69
Q

Polyalphabetic substitution cipher uses

A

Multiple alphabets

70
Q

Around 400 B.C. the Spartans used a system of encrypting information in which

A

They would write a message on a sheet of papyrus (a type of paper) that was wrapped around a staff; the sheet was then delivered and wrapped around a different staff by the recipient. The scytale cipher is an example of a transposition cipher.

71
Q

In Rome, Julius Caesar (100-44 B.C.) developed a simple method of shifting the letters of the alphabet…

A

Simply shifted the alphabet by three positions

72
Q

DES (Data Encryption Standard) was used worldwide for financial and other transactions, and was embedded into numerous commercial applications. Adopted from…

A

Lucifer, developed by IBM

73
Q

DES was cracked in ______, and after a few years was replaced by ______

A

1990s, Advanced Encryption Standard (AES)