Security Architecture: Quiz Revision Flashcards
Order the six phases of the software development life cycle from the first phase to the last.
Maintain
Design
Deploy
Test
Implement
Plan
The Software Development Life Cycle (SDLC) is a framework that outlines the steps involved in the development of software at each phase during the process. It encompasses a detailed plan for building, deploying, and maintaining the software during its lifetime. The six phases of the software development life cycle are ordered as follows:
Plan
Design
Implement
Test
Deploy
Maintain
In security architecture testing, which testing activities aid in the assessment of system resilience and performance when a failure might occur, or when the workload increases? (Choose two.)
A) Penetration testing
B) Vulnerability scanning
C) Parallel processing
D) Failover testing
Failover testing and parallel processing would help in assessing system resilience and performance during a failure or an increased workload.
In failover testing, you would deliberately trigger a failure in a system component to evaluate the effectiveness of the failover mechanism. This method assesses the system’s ability to switch to backup components or systems seamlessly in the event of a failure, ensuring continuity and minimal disruption to operations. An example would be shutting off the power to a facility to test the backup generator.
In parallel processing, you would test the ability to handle increased workloads by simultaneously executing multiple tasks or processes to assess the system’s ability to cope. This method is particularly useful for evaluating performance under heavy loads and determining whether the system can efficiently distribute and process tasks in parallel. Parallel processing also ensures redundancy is built into the system by duplicating components and workloads.
What is vulnerability scanning?
In vulnerability scanning, you would identify and assess security vulnerabilities in a system. While this test is important for security, it does not test the architecture for capacity.
What is penetration testing?
Penetration testing would simulate cyberattacks to identify and exploit vulnerabilities in a system. This provides critically valuable information, but penetration testing does not evaluate capacity planning.
You are examining security architecture models. Which consideration describes the ability to withstand cyberattacks and system failures, and to recover from them?
A) Resilience
B) Responsiveness
C) Scalability
D) Cost
Resilience is closely related to fault tolerance and redundancy. Resilience is the ability of a system to recover from a failure with the least amount of downtime. A redundant array of independent drives (RAID) system at RAID1, RAID5, or RAID10 will tolerate a failed drive and allow the system to remain operational during repairs. A similar concept exists with network interface cards (NICs), called teaming. Multiple NICs are joined via software, so that if any one of the cards in the team fails, the other cards absorb the load.
Why is scalability important in a security architecture model?
Scalability is a significant architecture consideration. You might save on some initial costs if you use a fixed design that is not scalable in either direction. You want a system that can scale up when demand increases and scale down when demand decreases. Scalability is typically much easier to accomplish in a cloud environment than with physical servers.
Why is cost important in a security architecture model?
Cost is a big factor when considering fault tolerance, resilience, and redundancy. The costs increase as the amount of downtime you can tolerate decreases. Resilience also deals with site redundancy. A hot site is going to be much more resilient than a cold site, but also much more expensive to operate. The cost to maintain an uptime level is directly related to the resiliency required. For example, 99.999% uptime means you must add multiple redundancies in an attempt to eliminate every single point of failure. 99.999% uptime means that your system can only be down for 5 minutes and 15 seconds per year. To accomplish that, you will need a lot of redundant equipment, and that is expensive.
In security architecture, what does responsiveness generally refer to?
Responsiveness generally refers to how fast and reliably a cloud solution can react and perform the tasks required. This can be negotiated in a Service Level Agreement (SLA) where items like acceptable throughput and response times are specified.
Analysis of a recent breach shows that the breach was caused when the firewall allowed an unconfirmed packet to pass through to the internal network. Which failure mode should you implement to prevent unconfirmed packets from passing through?
A) Active
B) Passive
C) Fail-closed
D) Fail-open
You should implement a fail-closed strategy. A fail-closed system will shut the device or system down when a designated failure condition is detected. In the case of the example above, the firewall would be configured to shut down when it examines a packet for which it cannot determine whether the packet should be allowed. In a fail-closed system, security is the most important factor.
A fail-open system remains operational (open) when a failure condition occurs. This strategy is implemented when it is determined that the criticality of access to the system outweighs the need to authenticate. As an example, if an insurance verification system in a hospital fails, the hospital may have a fail-open policy that allows patient treatment now and figuring out the insurance issues later.
Active is not a failure mode, but rather a term used with an Intrusion Prevention System (IPS). An IPS is in-line with the traffic it monitors, so it is considered active.
Passive is not a failure mode, but rather a term used with an Intrusion Detection System (IDS). An IDS performs out-of-band monitoring, so it is considered passive.
You are evaluating cloud architecture and infrastructure concepts. Which factors are MOST important for enhancing separation and minimizing attack surfaces? (Choose two.)
A) Cloud orchestration
B) Microservices
C) Physical isolation
D) Logical segmentation
Physical isolation and logical segmentation contribute the most to minimizing attack surfaces.
Physical isolation means that one network is unable to communicate with another network. A similar term is air-gapped. When you have networks that are responsible for different types of traffic, it might be a good idea to physically isolate them so that one network cannot be used to communicate with a device on the other network. As an example, a supervisory control and data acquisition (SCADA) system that controls HVAC in a hospital should be kept separate from the patient data network.
Logical segmentation is subdividing a larger network into several smaller networks. This can be accomplished through virtual local area networks (VLANs) and subnetting. These methods allow the administrator to group computers logically rather than by their physical locations.
What are microservices?
Microservices are small snippets of code that are designed to perform a single specialized task on demand. A microservice would receive input(s), perform the required computations, and provide output(s). A simple example would be a Fahrenheit to Celsius converter. The microservice F_to_C would receive Fahrenheit degrees (32, for example), perform the calculation C = (F - 32) x 5/9, and output the result of 0. In ecommerce, a microservice might be used to accept a tracking number, identify the shipping carrier by the first two digits of the tracking number, go to the shipper’s website to retrieve the tracking info, and then display the tracking info. Other names for microservices are modules, functions, and stored procedures.
What does cloud orchestration involve?
Cloud orchestration involves automating the deployment, management, and scaling of cloud infrastructure. Cloud orchestration focuses on operational efficiency rather than security separation.
Data may be subject to the laws and regulations of the nation in which it is collected, not necessarily where it is stored. Which principle is being described?
A) Chain of custody
B) Incident response plan
C) Data sovereignty
D) Legal hold
The only correct answer in this situation would be data sovereignty. Data sovereignty refers to government or enterprise efforts to prevent their citizens’ or customers’ data from falling into the wrong hands via measures that restrict how personal information can be transferred beyond their country’s borders.
You are incorporating a perimeter network into a network redesign and are adding several new devices to enhance security. Which of these would NOT be best placed in the new perimeter network?
A) DDoS mitigation
B) Proxies
C) VPN concentrators
D) Aggregation switches
Aggregation switches are not best placed in a perimeter network because they are best used to connect other switches together. They can be placed anywhere they are needed. Aggregation switches create a single bandwidth stream from multiple sources. A DDoS mitigator should be placed in the perimeter network so that it can detect and mitigate a DDoS attack.
Where are proxies best placed in the network topology?
Proxies are best suited for placement in the perimeter network.
While performing a penetration test, you encounter several issues that you plan to document in the final report. However, you need to ensure that management is immediately notified of any IoCs documented in the communication escalation path.
Which of the following is MOST likely to result in the need for immediate communication to management?
A) A finding was discovered regarding an out-of-scope system.
B) Unpatched applications exist on a system marked for retirement.
C) A network compromise has previously occurred about which management knows nothing.
D) Encrypted personally identifiable information (PII) was discovered on several systems.
Of the situations given, only the network compromise that has previously occurred about which management knows nothing should be immediately reported to management.
None of the other findings are critical, nor are they indicators of compromise (IoCs). Critical findings and IoCs are the only discoveries that should trigger immediate communication to management, unless otherwise noted in the communication escalation directions.
Issues with out-of-scope systems should be noted in the final report. However, out-of-scope systems should not be thoroughly tested. Often you may accidentally discover an issue with an out-of-scope system, but these should only be reported and not investigated further unless priorities change.
Encrypted PII will often exist on multiple systems. However, it is usually considered protected (unless a compromised encryption algorithm is being used). This issue would be included in the final report and only considered critical if 1) the PII should not be on the system on which it was discovered, or 2) the encryption algorithm being used to protect the PII has been compromised or is no longer considered secure.
Unpatched applications may exist on systems marked for retirement. However, this is usually not a critical issue because systems marked for retirement are often not updated regularly. The tester should note the discovery in the final report and instruct the organization that the soon-to-be retired system should be updated if retirement does not take place in the near future (next three months or so).
Communication triggers should include critical findings, stages, and indicators of prior compromise. All other discoveries should simply be included in the final report.
Where are VPN concentrators best placed in the network topology?
VPN concentrators should be placed in the perimeter network near the gateway. Other security devices and technologies that are sensitive to their placement include sensors, collectors, correlation engines, load balancers, VPN concentrators, SSL accelerators, taps, and SDN. Sensors, collectors, and correlation engines should be placed closest to the devices being monitored to improve performance. Load balancers are usually placed in the same networks as devices that receive a high load. VPN concentrators should be placed on the VPN perimeter. SSL accelerators should be placed close to or on the devices using SSL. Taps should be placed closest to the devices they are monitoring. SDN can be used anywhere, but the SDN controller should be centrally located to provide the best performance for all devices that communicate via the SDN.
Your company has recently started adopting formal security policies to comply with several state regulations. One of the security policies states that certain hardware is vital to the organization. As part of this security policy, you must ensure that you have the required number of components plus one extra to plug into any system in case of failure. Which strategy is this policy demonstrating?
A) Server redundancy
B) Clustering
C) Cold site
D) Fault tolerance
Fault tolerance ensures that you have the required number of components plus one extra to plug into any system in case of failure.
What does clustering do?
Clustering is the process of providing failover capabilities for servers by using multiple servers together. A cluster consists of several servers providing the same services. If one server in the cluster fails, the other servers will continue to operate.
What does a cold site offer?
A cold site for disaster recovery includes a basic room with raised flooring, electrical wiring, air conditioning, and telecommunications lines. To properly test disaster recovery procedures at the cold site, alternate telecommunications and computer equipment would need to be set up and configured.
What geographic considerations need to be addressed in a disaster recovery plan?
As part of any disaster recovery plan, security professionals should ensure that the organization covers the following geographic considerations:
Off-site backups – This ensures that copies of backups are stored off-site in case the primary site is affected by a disaster.
Distance – This ensures that the off-site storage or restoration location is far enough away from the primary site that it is not affected by the same disaster as the primary site.
Location selection – This ensures that a location is assessed to ensure that it is the best location for a backup site. For example, you would want to ensure that the appropriate physical controls are in place to ensure that your backups are protected.
Legal implications – This ensures that any legal implications regarding the off-site storage of data are considered. An organization may be under regulations that prevent certain sites or geographic locations from being used.
Data sovereignty – This ensures that the data is subject to the laws of the location where it is stored. For some organizations, compliance with multiple data sovereignty laws may be necessary.
Smart devices and Internet of Things (IoT) are growing rapidly. Which of these include embedded systems that are security risks? (Choose all that apply.)
A) Printers
B) Home automation devices
C) Medical devices
D) Wearable technology
Embedded systems are included in medical devices, wearable technology, home automation, and printers. All of these IoT devices have security risks.
Medical devices can be manipulated to report false data, resulting in harm to the patient, or to collect the patient’s protected medical data. They can also be tampered with to change parameters, such as changing the beat rate on a pacemaker. Finally, they can be tampered with to cause the battery life to diminish at a faster than normal rate.
Wearable technology devices usually transmit via Wi-Fi or Bluetooth to a host device, and as such are subject to attack. In addition to being subject to attack, wearable devices such as voice recorders, video recorders, and hidden cameras can also be used to gain information. Printers or multi-function devices (MFDs), particularly those with networking capability, have the same security concerns as any other device that can be remotely managed. For example, the printer may allow users to connect through Telnet or SSH. If those protocols are not used, turn them off.
Automotive vehicles with embedded systems are susceptible to attacks. As an example, an air pressure sensor on a tire can be manipulated to show a low-pressure alert. When the consumer fills the tire sufficiently so that the alert stops, the tire is now overinflated. This can cause the tire to explode at highway speeds. In rare cases, hackers have found a way to hack into “smart” automobiles and drive them remotely.
Home automation devices, such as smart thermostats, lighting systems, and refrigerators, are susceptible to security issues. The security concerns are the same as for industrial controls, just at the home level. One must ensure that security patches and firmware upgrades are applied, proper authentication controls are in place, devices are separated from the home network and Internet, and the device has a means to encrypt its data.
Which of the following has Firewall as a Service (FWaaS) as a component?
A) Secure Access Service Edge
B) Network segmentation
C) On-premises
D) Software-defined networking
Secure Access Service Edge (SASE) has Firewall as a Service (FWaaS) as one of its components. Other components include secure web gateways (SWG), a cloud access security broker (CASB), and zero trust network access (ZTNA). SASE is used to ensure security in a software-defined wide area network (SD-WAN) environment, particularly in a cloud environment. SASE is often associated with the zero-trust model.
On-premises network architecture allows an organization to maintain control of its architecture and resources by hosting it on-site. With on-premises hardware, the organization can even host its own private cloud.
Network segmentation involves dividing the network at either Layer 2 or Layer 3 to create desirable security barriers between devices in the network. It cannot route traffic from a device being flooded to a location where the traffic can be studied.
Software-defined networking (SDN) allows for dynamic reconfiguration of a network as a reaction to changes in volume, types of traffic, and security incidents.
Which concept involves contracting with a third party who will provide a location and equipment to be used in the event of an emergency?
A) Alternate business practices
B) Alternate processing sites
C) Disaster recovery plan
D) Offsite storage
Alternate processing sites involve contracting with a third party, who provides a location and equipment to be used in the event of an emergency. Alternate processing sites can be referred to as hot, warm, or cold sites depending on the level of equipment that they provide.
Alternate business practices could include allowing employees to work from home in the event of an emergency and temporarily reverting to paper and pen for orders following the failure of an electronic order processing system. A disaster recovery plan outlines how an organization should respond to an event of a catastrophic nature. Examples include hurricanes, floods, earthquakes, tornadoes, and fire. A disaster recovery plan may include a provision for using alternate processing sites, but it does not involve contracting with the third party in any way. It just points to that agreement.
Which process allows you to deploy, configure, and manage data centers through scripts?
A) Baselining
B) IaC
C) Waterfall
D) Immutable systems
Infrastructure as code (IaC) is the process of using definition and configuration files to provision and manage data centers. Automating this process through scripts can ensure that there is more control and less opportunity for error when deploying servers, as compared with manual configuration. IaC is the foundation for secure DevOps. Security Development Operations (DevOps) means that security is built into all your development operations. Baselining allows you to know how software (or hardware, for that matter) performs under normal load situations. The measurements of that behavior are known as metrics. When you add new services, you are able to determine what effect those services have on system performance. Because baselining is passive, it would not allow you to configure or manage data centers.
When comparing waterfall to the agile development life-cycle model, waterfall uses tightly defined processes that are executed in a linear sequence. Agile is a cyclical methodology where development phases are iterative, and each cycle moves the project a little closer to the final product. Because these are project management models, neither would be appropriate for managing data centers on an ongoing basis through scripts. Immutable systems are those where the configuration is static and may not be changed. This would not be appropriate for a data center environment where configurations may change to address security concerns.
Other secure application development issues include security automation and continuous integration.
Security automation occurs with agile software development. When automated security is integrated into agile development, security can be implemented effectively with ease during product development, rather than retrofitting security to a completed product.
Continuous integration merges updated source code from multiple developers into a shared repository on a regular basis. When code is checked in, it is automatically verified so that problems are detected early. Continuous integration often results in security issues not being discovered and resolved because the appropriate personnel do not review for security issues.
Which of the following architecture models is characterized by a design where administrative control and decision-making are distributed among various autonomous entities?
A) Virtualization
B) Containerization
C) Centralized
D) Decentralized
A decentralized architecture would have servers and associated equipment distributed amongst several smaller datacenters, even across different cloud providers. The biggest advantage to a decentralized architecture is that it diminishes the effect of a single point of failure. The biggest disadvantage would be the cost to maintain separate datacenters.
A centralized architecture would have the servers (and other equipment) in a single large datacenter. There are significantly less costs and management overhead with a centralized architecture. However, centralized architecture is particularly prone to single points of failure.
What does containerization involve?
Containerization involves encapsulating applications and their dependencies into isolated containers. Security considerations in containerization include isolation between containers and host systems, secure image management, and maintaining the integrity of containerized applications.
Which component of capacity planning in security architecture focuses on defining and implementing guidelines, rules, and documentation to ensure the effective management of security practices within an organization?
A) Technology
B) People
C) Policies
D) Infrastructure
Capacity planning for policies requires the assessment and development of guidelines, rules, and documentation that dictate security practices within an organization. Policies establish the framework for implementing security measures, defining procedures, and ensuring compliance with regulatory requirements. Capacity planning for policies ensures that the necessary documentation is in place to guide security operations effectively.
What are the considerations of capacity planning for people?
Capacity planning for people involves the HR element of assessing and ensuring the availability of skilled personnel with the necessary expertise to implement security measures. This process ensures that the organization has the right skills, expertise, and personnel structure to effectively address security challenges, mitigate risks, and maintain a resilient security posture. The following areas should be evaluated: skill assessment, staffing levels, training and development, succession planning, collaboration and communication with other areas of the organization, workforce flexibility, external resource availability, and retention strategies.
What are the considerations of capacity planning for technology?
Technology capacity planning involves evaluating and ensuring the availability of hardware, software, and security tools to support the organization’s security requirements. Key elements to consider are hardware resources, software solutions, network infrastructure, cloud services, data storage, scalability, performance optimization, redundancy and high availability, integration capabilities, regular updates, and patch management.
What are the considerations of capacity planning for infrastructure?
Infrastructure capacity planning focuses on assessing and ensuring that the physical and virtual assets supporting an organization’s operations, such as servers and networks, can handle its security needs. Items to evaluate include server, network and storage capacity, data center resources, redundancy, scalability, cloud services, physical security, and disaster recovery planning.
You are building a public-access Wi-Fi system for a new hotel. You want to require the users to accept a fair use policy before connecting to the Internet. Which of the following should you implement?
A) 802.1X
B) Captive portal
C) WPS
D) RADIUS federation
Captive portals are associated with public-access Wi-Fi networks. Once you select the network, you are directed to a web page. There, you typically have to sign on and agree to a policy such as an acceptable use or fair use policy. Once your agreement is accepted, you can use the network. These portals are typically found in a public place, such as a hotel, coffee shop, or airport. None of the other options would force users to accept a fair use policy before connecting to the Internet.
What is RADIUS federation?
RADIUS Federation is a group of RADIUS servers that assist with network roaming and will validate the login credentials of a user belonging to another RADIUS server’s network. For the Security+ exam, you also need to understand EAP-FAST, EAP-TLS, and EAP-TTLS.
Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) is used in wireless and point-to-point networks. EAP manages key transmissions, and FAST creates a TLS tunnel to be used in authentication through a protected access credential.
In Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), EAP manages key transmissions, and TLS uses X.509 digital certificates for authentication.
In Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS), EAP manages key transmissions, and TTLS is an extension of TLS (which authenticates the server). TTLS encapsulates the TLS session, allowing for authentication of the client.
What is the process by which backup copies of data are reinstated to the system after a data loss?
A) Encryption
B) Recovery
C) Replication
D) Journaling
Recovery is the process of reinstating data from backup copies to the primary system after a data loss event. The goal of recovery is to ensure the prompt restoration of data availability, minimizing downtime and allowing the resumption of normal operations.
What are the considerations in backup methods?
Encryption of backups is the process of converting stored data into a coded format to enhance security. However, the primary goal of encryption is data security, not resuming activities after a data loss.
Replication involves creating duplicate copies of data in real-time or near-real-time. While replication contributes to data consistency and minimizes recovery time, its primary objective is not the actual reinstatement of data after a data loss event. Replication focuses on synchronization rather than the recovery process.
Journaling would involve making a chronological log of changes in the data. This is sometimes called the transaction log. The log would record details regarding modifications, additions, and deletions to the data. While this is an important element of data integrity, it does not address confidentiality. Journaling would also assist with forensic analysis, and with the establishment of recovery point objectives.
Another backup concept you should be familiar with is snapshots. Snapshots are system images that reflect the state of the system at a certain point in time. It is a best practice to take a snapshot of the system prior to making major system changes, “just in case” something goes wrong during the change. Restoring (or recovering) using a snapshot allows you to recover whatever user data and settings existed at the time the snapshot was created.
Your organization has recently adopted SD-WAN to enhance its network connectivity. The IT team is tasked with implementing security controls to safeguard the enterprise infrastructure. Given this scenario, which actions would be most effective in securing the SD-WAN deployment? (Choose two.)
A) Implementing multi-factor authentication (MFA)
B) Conducting regular vulnerability scans
C) Selecting effective controls
D) Increasing bandwidth allocation
Conducting regular vulnerability scans and selecting effective controls would be the most effective actions.
Regular vulnerability scans are crucial in identifying potential weaknesses and security gaps within the SD-WAN infrastructure. By scanning for vulnerabilities on a routine basis, the IT team can proactively address and mitigate security risks, ensuring that the SD-WAN deployment remains resilient against potential threats.
Selecting effective controls specifically designed for SD-WAN is essential for securing the infrastructure. SD-WAN controls may include encryption protocols, access controls, and traffic monitoring mechanisms. These controls help in enforcing security policies, protecting data in transit, and preventing unauthorized access to the SD-WAN environment.
The new security plan for your organization states that all data on your servers must be classified to ensure appropriate access controls are implemented. Which statements are true of information classification? (Choose three.)
A) The two primary classes of data classification deal with military institutions and commercial organizations.
B) A data custodian must determine the classification of an information asset.
C) The two primary classes of the data classification scheme apply to nonprofit organizations and financial institutions.
D) A data owner must determine the information classification of an asset.
E) Data classification refers to assigning security labels to information assets.
Data classification refers to assigning security labels to information assets. The data owner must determine the information classification of an asset. Data classification is the most crucial method used to ensure data integrity. It is the responsibility of the data owner to decide the level of classification that the information requires. One purpose of information classification is to define the parameters required for security labels. After being classified, it is difficult to declassify data.
What are the two types of classification systems?
Military
Commercial
What are the types of commercial data classification?
The types of commercial data classification are as follows:
Sensitive - Data that requires careful handling due to its potential to cause harm or damage if disclosed or accessed by unauthorized parties.
Confidential - Information that is kept secret or restricted to a certain group of individuals to maintain privacy, security, or proprietary advantage.
Public - Data that is freely available to anyone, often intended for widespread dissemination and consumption without restrictions.
Restricted - Information with access limited to specific authorized personnel, typically requiring authentication or clearance to ensure proper handling and protection.
Private - Data intended for limited access and not publicly available, often containing personal, proprietary, or sensitive information.
Critical - Information essential to the core functions and success of an organization, requiring the highest level of protection and access controls to prevent disruption or compromise.
The types of military data classification are?
The types of military data classification are as follows:
Top-secret: Information classified as top secret and crucial for national security. Examples include spy satellite intelligence and blueprints for newly developed weapons.
Secret: Secret information can pose a threat to national security if disclosed. Examples include troop deployments and the contents of arsenals.
Confidential: Confidential information requires authorization for each access and is available only to those in the military organization whose work relates to the subject.
Sensitive but unclassified: A military classification for information that is not related to national security but would still cause harm if disclosed, such as medical records and test results.
What is unclassified information?
Unclassified information is not sensitive or classified. Examples are computer manuals or warranty details of a product or a device.
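The military levels above are ranked, and the point of attaching a label is that access decisions can be computed from it: a subject may read an object only when its clearance is at least as high as the object's label and it holds the object's need-to-know compartments. The following is an added illustration of that check, not code from the original flashcards; the level names come from the list above, while the compartment tags and the sample documents are constructed for the example.

```python
"""Label-dominance check for the military classification levels above.

Added example, not part of the original flashcards. Levels are ordered from
least to most sensitive. Compartments model need-to-know: a subject must hold
every compartment an object carries, whatever its clearance level.
"""
from dataclasses import dataclass

# Ordered least -> most sensitive, taken from the flashcard list above.
LEVELS = ["unclassified", "sensitive but unclassified",
          "confidential", "secret", "top secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def __post_init__(self):
        # Reject labels the scheme does not define rather than silently ranking them.
        if self.level not in RANK:
            raise ValueError(f"unknown classification level: {self.level!r}")


def dominates(subject: Label, obj: Label) -> bool:
    """True when the subject's level is >= the object's and covers its compartments."""
    return (RANK[subject.level] >= RANK[obj.level]
            and obj.compartments <= subject.compartments)


def can_read(clearance: Label, label: Label) -> bool:
    """Read access follows label dominance."""
    return dominates(clearance, label)


def filter_readable(clearance: Label, documents: dict) -> list:
    """Return sorted names of the documents the clearance permits reading.

    `documents` maps a document name to its Label.
    """
    return sorted(name for name, lbl in documents.items() if can_read(clearance, lbl))


# Constructed sample documents (hypothetical names and labels; "SI" is a made-up compartment).
DOCUMENTS = {
    "satellite imagery": Label("top secret", frozenset({"SI"})),
    "troop deployments": Label("secret"),
    "medical records": Label("sensitive but unclassified"),
    "computer manual": Label("unclassified"),
}

if __name__ == "__main__":
    analyst = Label("secret", frozenset({"SI"}))
    print(filter_readable(analyst, DOCUMENTS))
```

Note that a "top secret" clearance without the "SI" compartment is still refused the satellite imagery: the level ranking alone is not sufficient, which is the need-to-know rule the Confidential card describes.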
What other types of data, such as proprietary data, should be considered?
Other types of data include proprietary data, PII, and PHI. Proprietary data is any data owned by an organization that helps define that organization, such as copyrights and patents. Personally identifiable information (PII) is data that can be used to identify an individual. Protected health information (PHI), the term HIPAA uses, is health data about identifiable individuals. Organizations should take special care to ensure that these types of data are protected according to relevant laws and regulations.
What are three organizational roles that may deal with the data classification?
Three organizational roles that may deal with data classification are the data custodian or steward, data owner, and privacy officer.
The data owner is responsible for setting the data classifications and approving the level of access given to personnel.
The data custodian is responsible for configuring the appropriate level of access for users and for backing up the data.
The privacy officer must ensure that appropriate privacy laws are followed, and that data is protected.
What is Data masking?
Data masking involves concealing specific data within a database by replacing, encrypting, or scrambling sensitive information when viewed by a data operator. The underlying data is not changed, but the person accessing the records only views the non-sensitive portions while the sensitive portions are hidden from view. It is used to protect sensitive data during non-production processes, such as testing or development, or to protect data that must be handled during routine operations by users who are not authorized to view all elements of a data record, such as a full social security number (SSN). It is not directly related to determining the physical location of devices or users.
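The following is an added example of the masking described above, not code from the original page: a small set of field-specific maskers and a view function that returns a masked copy of a record while leaving the stored record untouched, so a support operator sees only the last four digits of an SSN or card number. The record, field policy and role permissions are constructed for the example.

```python
"""Data masking of sensitive fields at view time.

Added example, not part of the original flashcards. The stored record is never
modified; callers receive a masked copy unless their role is permitted to see
a given field in the clear.
"""
import copy
import re


def mask_ssn(ssn: str) -> str:
    """Reveal only the last four digits of a US SSN, e.g. ***-**-6789."""
    digits = re.sub(r"\D", "", ssn)
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly 9 digits")
    return f"***-**-{digits[-4:]}"


def mask_email(addr: str) -> str:
    """Keep the first character of the local part and the full domain."""
    local, sep, domain = addr.partition("@")
    if not sep or not local or not domain:
        raise ValueError("not an e-mail address")
    return local[0] + "*" * (len(local) - 1) + "@" + domain


def mask_card(pan: str) -> str:
    """Reveal only the last four digits of a payment card number."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("card number must contain 13 to 19 digits")
    return "*" * (len(digits) - 4) + digits[-4:]


# Field -> masking function. Fields not listed are not sensitive and pass through.
MASK_POLICY = {"ssn": mask_ssn, "email": mask_email, "card": mask_card}


def masked_view(record: dict, policy: dict, unmasked_fields: set) -> dict:
    """Return a copy of `record` with policy fields masked.

    `unmasked_fields` names the fields the caller's role may see in the clear.
    The input record is deep-copied first so the underlying data is unchanged.
    """
    view = copy.deepcopy(record)
    for field, masker in policy.items():
        if field in view and field not in unmasked_fields:
            view[field] = masker(view[field])
    return view


# Constructed sample record (hypothetical person, RFC-style example domain and test card number).
RECORD = {
    "name": "Jane Doe",
    "ssn": "123-45-6789",
    "email": "jane.doe@example.com",
    "card": "4111 1111 1111 1111",
}

# Constructed role permissions: which fields each role may see unmasked.
ROLE_CLEAR_FIELDS = {
    "support_agent": set(),
    "fraud_analyst": {"card"},
}

if __name__ == "__main__":
    print(masked_view(RECORD, MASK_POLICY, ROLE_CLEAR_FIELDS["support_agent"]))
```

Masking at the presentation layer is what the card describes; for test and development copies the same maskers would be applied when the data set is produced, so the sensitive values never leave the production environment.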
Which of the following data protection concepts focuses on determining the physical location of a user or device prior to granting access to sensitive information?
A) Digital signatures
B) Data encryption
C) Data masking
D) Geolocation
Geolocation is a data protection concept that involves determining the physical location or origin of a device or user accessing sensitive information. This is particularly relevant in scenarios where ensuring compliance with data sovereignty laws or enforcing access restrictions based on geographic location is essential. Geolocation measures help organizations control access and implement security policies based on the geographical location of users or devices.
What are digital signatures?
Digital signatures are cryptographic techniques used to verify the authenticity and integrity of digital messages or documents. While they contribute to data integrity and authentication, digital signatures do not specifically focus on determining the physical location of devices or users.
Which of the following security zones is sometimes known as a demilitarized zone (DMZ)?
A)Extranet
B)Screened subnet
C)Intranet
D)SCADA
A screened subnet is referred to in older literature as a demilitarized zone (DMZ), but that term is largely deprecated. The screened subnet sits between the internal LAN and the internet. In common use, a screened subnet has one firewall facing the internal network and another facing the internet, with the externally reachable servers placed between the two. This design allows internal users to reach the servers and allows access to the servers from the internet, while keeping the internal users behind the inner firewall so that a compromised server in the subnet does not give direct access to the LAN.
What is an extranet?
An extranet allows access to some portion of the internal network from outside the organization. An example could be a training and certification company that allows its partners to download training resources, research papers and marketing materials. Another example would be a major retailer who allows a supplier to access product sales data for ordering and replenishment purposes.
Which of the following types of sensitive data benefit from the implementation of strategies to ensure their protection, including strong access controls, encryption, security awareness training, and data loss prevention? (Choose all that apply.)
A)Trade secrets
B)Legal information
C)Intellectual property
D)Private data
Trade secrets and legal information would both benefit from strategies to ensure their protection.
Trade secrets are proprietary, confidential business information that provides a competitive advantage. Examples include manufacturing processes, chemical formulas, and customer lists. Access controls and encryption are crucial to prevent unauthorized access and disclosure.
Private is a data classification, not a type of data. Other data classifications include sensitive, confidential, public, restricted, and critical.
Legal information involves confidential documents, contracts, and sensitive legal communications. Protection strategies may include strong access controls and encryption to prevent unauthorized access and maintain the confidentiality of legal matters.
Intellectual property includes original works that are protected from infringement by other organizations. In the scheme used here, intellectual property such as patented inventions, published books, movies and music is not secret but publicly available; protecting it involves safeguarding the owner's rights through legal measures, such as patents, trademarks, and copyrights, and through technological means, like encryption of digital assets to prevent unauthorized duplication.
Why are financial and regulated data types important?
Other data types to consider include the following:
Financial information includes records of any type of transfer of funds from/to an organization or an individual. Some of this information may also be regulated. As an example, an e-commerce site may have to abide by standards set by the Payment Card Industry Data Security Standard (PCI DSS). The Gramm-Leach-Bliley Act (GLBA) requires a financial institution to explain how it shares customer data with a third party. Robust protection involves encryption for secure transactions, access controls, and security awareness training to prevent financial fraud.
Regulated data is a type of data that is protected by laws and regulations. The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that mandates how entities that collect health data must handle protected health information (PHI). Specifically, organizations must follow the HIPAA Breach Notification Rule when unsecured health information is compromised. In the case of a significant breach, organizations can be required to adopt a corrective action plan to bring their data handling in line with HIPAA requirements and can be audited to prove compliance. Some states have additional laws regarding data protection and may assess local penalties separately from the federal penalties.
What are the six data types you need to know?
Regulated
Trade Secret
Intellectual Property
Legal Information
Financial Information
Human-readable / non-human-readable
What is regulated data?
Regulated: Data subject to specific laws, regulations, or industry standards governing its collection, storage, processing, and sharing to ensure compliance and protect individuals’ rights and interests.
What is a trade secret?
Trade secret: Confidential information that provides a competitive advantage to a company, such as formulas, processes, or customer lists, and is kept secret to maintain its value and prevent unauthorized use or disclosure.
What is intellectual property?
Intellectual property: Creations of the mind, such as inventions, literary and artistic works, designs, symbols, or names, protected by laws granting exclusive rights to their creators or owners for a specified period.
What is legal information?
Legal information: Data related to legal matters, including contracts, court cases, statutes, regulations, client-attorney communication, discoverable documents, and other legal documents or communications, often requiring strict confidentiality and compliance with legal procedures.
What is financial information?
Financial information: Data concerning monetary transactions, assets, liabilities, revenues, expenses, or financial performance of individuals, organizations, or entities, crucial for decision-making, reporting, and regulatory compliance.