Security Architecture OBJ 3.4 Flashcards
Which of the following terms emphasizes the mathematical structure used to scramble data so that only a specific key can unscramble it?
Digital Signature
Cipher block
Encryption Algorithm
Hash Function
Encryption Algorithm
An encryption algorithm provides a structured method for converting plaintext into ciphertext. A good algorithm ensures data remains confidential and secure from unauthorized access.
Digital Signature
Digital signatures validate the authenticity and integrity of a message or document, ensuring it hasn’t been tampered with since being signed.
Cipher block
A cipher block refers to a fixed-size portion of data that an encryption algorithm processes. It doesn’t define the mathematical method itself.
Hash Function
A hash function takes input and returns a fixed-size string, typically used for verifying data integrity, but it does not encrypt data for the purpose of confidentiality.
RSA algorithm
The RSA algorithm uses a trapdoor function, where encryption is easy to perform using the public key, but reversing the process (decryption) without the private key is challenging. RSA’s principle is that certain mathematical operations are easy to perform, but their inverse operations are difficult without specific knowledge.
Symmetric encryption
Symmetric encryption is a type of encryption where the same key is used for both encryption and decryption, unlike RSA, which uses a pair of public and private keys.
Hash function
A hash function is a process that converts an input (often a long string) into a fixed-size value, commonly used for verifying data integrity but not specifically tied to RSA’s public key cryptography.
Digital signature
A digital signature is a means to verify the authenticity of a digital message or document, using a combination of hashing and encryption, but it isn’t the mathematical property of RSA.
A financial institution is seeking to secure its customer database to ensure that, even if a breach occurs, the stolen data remains unintelligible. Which of the following encryption levels would be the MOST appropriate to directly safeguard the contents of the
Database level encryption
Mary works at Kelly Innovations LLC, where she is tasked with developing and testing new software releases. She is looking at updating the backup system since she noticed that sometimes they need to revert to a previous build several times a day due to unexpected issues. Which backup frequency would be the most appropriate for her to implement?
Continuous backups
Which of the following architecture models is BEST described as a model that allows developers to write and deploy code without concern for the underlying infrastructure because the cloud provider automatically manages the execution, scaling, and networking?
Serverless architecture (correct)
Air-gapped network
IaC
Virtualization
Which of the following BEST describes the concept where network control is managed by a software application, independent of the hardware?
Software Defined Networking (SDN) separates network control from the physical infrastructure, centralizing management and offering flexibility.
Logical segmentation of Network
Logical segmentation divides a network into separate units for better traffic management and security but doesn’t decouple control from hardware.
Containerization
Containerization packages applications with their environment for consistent behavior but is unrelated to network control.
Virtualization
Virtualization refers to creating virtual versions of physical resources, such as servers or storage, but does not specifically address network control being managed independently of hardware.
Dion Training is planning to expand its online services, including launching multiple subdomains for different courses. They want a single certificate that can secure all these subdomains. Which type of certificate should Dion Training consider?
Wildcard certificate, which can be used to secure multiple subdomains under a single main domain. It offers a convenient and cost-effective way to manage certificates for subdomains.
CSR (Certificate Signing Request)
A CSR is a formal message to a CA for a digital certificate. It’s a request, not a type of certificate.
Third-party certificate
While it is signed and verified by an external CA, a third-party certificate doesn’t specify the number or type of domains covered and hence wouldn’t inherently secure multiple subdomains.
Self-signed certificate
A self-signed certificate is signed by its creator and doesn’t inherently cover multiple domains or subdomains.