Security Architecture: Quiz Revision Flashcards

Question

Which concept involves contracting with a third party who will provide a location and equipment to be used in the event of an emergency? A) Alternate business practices B) Alternate processing sites C) Disaster recovery plan D) Offsite storage

Answer 1

Alternate processing sites involve contracting with a third party, who provides a location and equipment to be used in the event of an emergency. Alternate processing sites can be referred to as hot, warm, or cold sites depending on the level of equipment that they provide. Alternate business practices could include allowing employees to work from home in the event of an emergency and temporarily reverting to paper and pen for orders following the failure of an electronic order processing system. A disaster recovery plan outlines how an organization should respond to an event of catastrophic nature. Examples include hurricanes, floods, earthquakes, tornados, and fire. A disaster recovery plan may include a provision for using alternate processing sites, but it does not involve contracting with the third party in any way. It just points to that agreement.

Answer 2

Infrastructure as code (IaC) is the process of using definition and configuration files to provision and manage data centers. Automating this process through scripts can ensure that there is more control and less opportunity for error when deploying servers, as compared with manual configuration. IaC is the foundation for secure DevOps. Security Development Operations (DevOps) means that security is built into all your development operations. Baselining allows you to know how software (or hardware, for that matter) performs under normal load situations. That behavior is known as metrics. When you add new services, you are able to determine what effect those services have on system performance. Because baselining is passive, it would not allow you to configure or manage data centers. When comparing waterfall to the agile development life-cycle model, waterfall uses tightly defined processes that are executed in a linear sequence. Agile is a cyclical methodology where development phases are iterative, and each cycle moves the project a little closer to the final product. Because these are project management models, neither would be appropriate for managing data centers on an ongoing basis through scripts. Immutable systems are those where the configuration is static and may not be changed. This would not be appropriate for a data center environment where configurations may change to address security concerns. Other secure application development issues include security automation and continuous integration. Security automation occurs with agile software development. When automated security is integrated into agile development, security can be implemented effectively with ease during product development, rather than retrofitting security to a completed product. Continuous integration merges updated source code from multiple developers into a shared repository on a regular basis. When code is checked in, it is automatically verified so that problems are detected early. Continuous integration often results in security issues not being discovered and resolved because the appropriate personnel do not review for security issues.

Answer 3

A decentralized architecture would have servers and associated equipment distributed amongst several smaller datacenters, even across different cloud providers. The biggest advantage to a decentralized architecture is that it diminishes the effect of a single point of failure. The biggest disadvantage would be the cost to maintain separate datacenters. A centralized architecture would have the servers (and other equipment) in a single large datacenter. There are significantly less costs and management overhead with a centralized architecture. However, centralized architecture is particularly prone to single points of failure.

Answer 4

Containerization involves encapsulating applications and their dependencies into isolated containers. Security considerations in containerization include isolation between containers and host systems, secure image management, and maintaining the integrity of containerized applications.

Answer 5

Capacity planning for policies requires the assessment and development of guidelines, rules, and documentation that dictate security practices within an organization. Policies establish the framework for implementing security measures, defining procedures, and ensuring compliance with regulatory requirements. Capacity planning for policies ensures that the necessary documentation is in place to guide security operations effectively.

Answer 6

Capacity planning for people involves the HR element of assessing and ensuring the availability of skilled personnel with the necessary expertise to implement security measures. This process ensures that the organization has the right skills, expertise, and personnel structure to effectively address security challenges, mitigate risks, and maintain a resilient security posture. The following areas should be evaluated: Skill assessment, staffing levels, training and development, succession planning, collaboration and communication with other areas of the organization, workforce flexibility, external resource availability and retention strategies.

Answer 7

Technology capacity planning involves evaluating and ensuring the availability of hardware, software, and security tools to support the organization's security requirements. Key elements to consider are hardware resources, software solutions, network Infrastructure, cloud services, data storage, scalability, performance optimization, redundancy and high availability, Integration capabilities, regular updates, and patch management.

Answer 8

Infrastructure capacity planning focuses on assessing and ensuring that the physical and virtual assets supporting an organization's operations, such as servers and networks, can handle its security needs. Items to evaluate include server, network and storage capacity, data center resources, redundancy, scalability, cloud services, physical security, and disaster recovery planning.

Answer 9

Captive portals are associated with public-access Wi-Fi networks. Once you select the network, you are directed to a web page. There, you typically have to sign on and agree to a policy such as an acceptable use or fair use policy. Once your agreement is accepted, you can use the network. These portals are typically found in a public place, such as a hotel, coffee shop, or airport. None of the other options would force users to accept a fair use policy before connecting to the Internet.

Answer 10

RADIUS Federation is a group of RADIUS servers that assist with network roaming and will validate the login credentials of a user belonging to another RADIUS server's network. For the Security+ exam, you also need to understand EAP-FAST, EAP-TLS, and EAP-TTLS. Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST) is used in wireless and point-to-point networks. EAP manages key transmissions, and FAST creates a TLS tunnel to be used in authentication through a protected access credential. In Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), EAP manages key transmissions, and TLS uses X.509 digital certificates for authentication. In Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS), EAP manages key transmissions, and TTLS is an extension of TLS (which authenticates the server). TTLS encapsulates the TLS session, allowing for authentication of the client.

Answer 11

Recovery is the process of reinstating data from backup copies to the primary system after a data loss event. The goal of recovery is to ensure the prompt restoration of data availability, minimizing downtime and allowing the resumption of normal operations.

Answer 12

Recovery is the process of reinstating data from backup copies to the primary system after a data loss event. The goal of recovery is to ensure the prompt restoration of data availability, minimizing downtime and allowing the resumption of normal operations. Encryption of backups is the process of converting stored data into a coded format to enhance security. However, the primary goal of encryption is data security, not resuming activities after a data loss. Replication involves creating duplicate copies of data in real-time or near-real-time. While replication contributes to data consistency and minimizes recovery time, its primary objective is not the actual reinstatement of data after a data loss event. Replication focuses on synchronization rather than the recovery process. Journaling would involve making a chronological log of changes in the data. This is sometimes called the transaction log. The log would record details regarding modifications, additions, and deletions to the data. While this is an important element of data integrity, it does not address confidentiality. Journaling would also assist with forensic analysis, and with the establishment of recovery point objectives. Another backup concept you should be familiar with is snapshots. Snapshots are system images that reflect the state of the system at a certain point in time. It is a best practice to take a snapshot of the system prior to making major system changes, "just in case" something goes wrong during the change. Restoring (or recovering) using a snapshot allows you to recover whatever user data and settings existed at the time the snapshot was created.

Answer 13

Conducting regular vulnerability scans and selecting effective controls would be the most effective. Regular vulnerability scans are crucial in identifying potential weaknesses and security gaps within the SD-WAN infrastructure. By scanning for vulnerabilities on a routine basis, the IT team can proactively address and mitigate security risks, ensuring that the SD-WAN deployment remains resilient against potential threats. Selecting effective controls specifically designed for SD-WAN is essential for securing the infrastructure. SD-WAN controls may include encryption protocols, access controls, and traffic monitoring mechanisms. These controls help in enforcing security policies, protecting data in transit, and preventing unauthorized access to the SD-WAN environment.

Answer 14

Data classification refers to assigning security labels to information assets. The data owner must determine the information classification of an asset. Data classification is the most crucial method used to ensure data integrity. It is the responsibility of the data owner to decide the level of classification that the information requires. One purpose of information classification is to define the parameters required for security labels. After being classified, it is difficult to declassify data.

Answer 15

Military Commercial

Answer 16

The types of commercial data classification are as follows: Sensitive - Data that requires careful handling due to its potential to cause harm or damage if disclosed or accessed by unauthorized parties. Confidential - Information that is kept secret or restricted to a certain group of individuals to maintain privacy, security, or proprietary advantage. Public - Data that is freely available to anyone, often intended for widespread dissemination and consumption without restrictions. Restricted - Information with access limited to specific authorized personnel, typically requiring authentication or clearance to ensure proper handling and protection. Private - Data intended for limited access and not publicly available, often containing personal, proprietary, or sensitive information. Critical - Information essential to the core functions and success of an organization, requiring the highest level of protection and access controls to prevent disruption or compromise.

Answer 17

The types of military data classification are as follows: Top-secret: Information classified as top secret and crucial for national security. Examples include spy satellite intelligence and blueprints for newly developed weapons. Secret: Secret information can pose a threat to national security if disclosed. Examples include troop deployments and the contents of arsenals. Confidential: Confidential information requires authorization for each access and is available only to those in the military organization whose work relates to the subject. Sensitive but unclassified: A military classification for secrets not related to national security, such as medical data and answers to test scores.

Answer 18

Unclassified information is not sensitive or classified. Examples are computer manuals or warranty details of a product or a device.

Answer 19

Other types of data include proprietary data, PII, and PHI. Proprietary data is any data owned by an organization that helps define that organization, such as copyrights and patents. Personally identifiable information (PII) is data that can be used to identify an individual. Personal health information (PHI) is health data about individuals. Organizations should take special care to ensure that these types of data are protected according to relevant laws and regulations.

Answer 20

Three organizational roles that may deal with data classification are the data custodian or steward, data owner, and privacy officer. The data owner is responsible for setting the data classifications and approving the level of access given to personnel. The data custodian is responsible for configuring the appropriate level of access for users and for backing up the data. The privacy officer must ensure that appropriate privacy laws are followed, and that data is protected.

Answer 21

Data masking involves concealing specific data within a database by replacing, encrypting, or scrambling sensitive information when viewed by a data operator. The underlying data is not changed, but the person accessing the records only views the non-sensitive portions while the sensitive portions are hidden from view. It is used to protect sensitive data during non-production processes, such as testing or development, or to protect data that must be handled during routine operations by users who are not authorized to view all elements of a data record, such as a full social security number (SSN). It is not directly related to determining the physical location of devices or users.

Answer 22

Geolocation is a data protection concept that involves determining the physical location or origin of a device or user accessing sensitive information. This is particularly relevant in scenarios where ensuring compliance with data sovereignty laws or enforcing access restrictions based on geographic location is essential. Geolocation measures help organizations control access and implement security policies based on the geographical location of users or devices.

Answer 23

Digital signatures are cryptographic techniques used to verify the authenticity and integrity of digital messages or documents. While they contribute to data integrity and authentication, digital signatures do not specifically focus on determining the physical location of devices or users.

Answer 24

A screened subnet is referred to in older literature as a demilitarized zone (DMZ), but the term is largely deprecated. The screened subnet sits between the internal LAN and the internet. In common use, a screened subnet has a firewall that faces the internal network, and another firewall facing the internet. Critical servers are placed between the two firewalls. This design allows internal users to access the servers, and allows access to the servers from the internet, while keeping the users safe behind the internal firewall

Answer 25

An extranet allows access to some portion of the internal network from outside the organization. An example could be a training and certification company that allows its partners to download training resources, research papers and marketing materials. Another example would be a major retailer who allows a supplier to access product sales data for ordering and replenishment purposes.

Answer 26

Trade secrets and legal information would both benefit from strategies to ensure their protection. Trade secrets are proprietary, confidential business information that provides a competitive advantage. Examples include manufacturing processes, chemical formulas, and customer lists. Access controls and encryption are crucial to prevent unauthorized access and disclosure. Private is a data classification, not a type of data. Other data classifications include sensitive, confidential, public, restricted, and critical. Legal information involves confidential documents, contracts, and sensitive legal communications. Protection strategies may include strong access controls and encryption to prevent unauthorized access and maintain the confidentiality of legal matters. Intellectual property includes original works that are protected from infringement by other organizations. Intellectual property is not secret; it is publicly available (such as movies, books, and music). Protecting intellectual property involves safeguarding the owner’s rights through legal measures, such as patents, trademarks, and copyrights, and through technological means, like encryption of digital assets to prevent unauthorized duplication.

Answer 27

Other data types to consider include the following: Financial information includes records of any type of transfer of funds from/to an organization or an individual. Some of this information may also be regulated. As an example, an e-commerce site may have to abide by standards set by the Payment Card Industry Data Security Standard (PCI DSS). The Gramm-Leach-Bliley Act (GLBA) requires a financial institution to explain how it shares customer data with a third party. Robust protection involves encryption for secure transactions, access controls, and security awareness training to prevent financial fraud. Regulated data is a type of data that is protected by laws and regulations. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that mandates how entities that collect health data must handle Personal Health Information (PHI). Specifically, organizations must follow the HIPAA Breach Notification Rule when unsecured health information is compromised. In the case of a significant breach, organizations can be required to adopt a corrective action plan to bring their data handling in line with HIPAA requirements and can be audited to prove compliance. Some states have additional laws regarding data protection and may assess local penalties separately from the federal penalties.

Answer 28

Regulated Trade Secret Intellectual Property Legal Information Financial Information Human readable/Non-Readable

Answer 29

Regulated: Data subject to specific laws, regulations, or industry standards governing its collection, storage, processing, and sharing to ensure compliance and protect individuals' rights and interests.

Answer 30

Trade secret: Confidential information that provides a competitive advantage to a company, such as formulas, processes, or customer lists, and is kept secret to maintain its value and prevent unauthorized use or disclosure.

Answer 31

Intellectual property: Creations of the mind, such as inventions, literary and artistic works, designs, symbols, or names, protected by laws granting exclusive rights to their creators or owners for a specified period.

Answer 32

Legal information: Data related to legal matters, including contracts, court cases, statutes, regulations, client-attorney communication, discoverable documents, and other legal documents or communications, often requiring strict confidentiality and compliance with legal procedures.

Answer 33

Financial information: Data concerning monetary transactions, assets, liabilities, revenues, expenses, or financial performance of individuals, organizations, or entities, crucial for decision-making, reporting, and regulatory compliance.

Answer 34

Human-readable and non-human readable: Data that can be understood and interpreted by humans directly (human-readable) and data encoded or structured in a format that requires processing or translation by a computer or machine (non-human-readable), such as binary code or encrypted data.

Answer 35

The quickest way to do this is to use snapshots. Snapshots are system images that reflect the state of the system at a certain point in time. It is best practice to take a snapshot of the system prior to making major system changes, "just in case" something goes wrong during the change. Restoring using a snapshot would also allow you to recover whatever user data and settings existed at the time of the snapshot.

Answer 36

Live boot media involves creating bootable flash drives or DVDs. In the event of a major system failure, you can use the live boot media to boot and troubleshoot the system. However, no user data would be restored.

Answer 37

A master image would restore the system to the original configuration state, but all the user data and user settings would be lost. Master image allows you to create a standardized system configuration, such as an ISO file. This will ensure that all systems configured with the master image have the same configuration. The master image can be stored on a server and used in the event of disaster recovery, malware infections, new systems, and so on. Other resiliency techniques include non-persistence, rollback, and reverting to known state.

Answer 38

Non-persistence deals with system images that are temporary, typically stored in RAM, and can be replaced by deploying a permanent image. A memory dump will contain all of the data currently in memory stored as a persistent file.

Answer 39

Revert to known state and rollback to known configuration are synonymous. In the event of a system crash, accessing these options during the boot process will allow you to instantly restore the system to an earlier state when everything worked.

Answer 40

The business impact analysis (BIA) includes interviews to gather information about business units and their functions.

Answer 41

An occupant emergency plan (OEP) is created to ensure that injury and loss of life are minimized when an outage or disaster occurs. It also focuses on property damage. Interviewing is not included as part of its development.

Answer 42

The BIA was created to identify the vital functions and prioritize them based on need. Vulnerabilities and threats are identified, and risks are calculated. It is a methodology commonly used in business continuity planning. Its primary goal is to help the business units understand how an event will impact corporate functions. The purpose of the BIA is to document what impact a disruptive event would have on the business; it is not intended to recommend an appropriate solution. Writing a BIA includes the following steps: Analyzing the threats associated with each functional area Determining the risk associated with each threat Identifying the major functional areas of information

Answer 43

The Recovery time objective (RTO) is a calculation of how quickly you need to recover. If the RTO is two hours, an organization would need to invest in a disaster recovery center, telecommunications, and automated systems to achieve full recovery in only two hours. However, if the RTO is two weeks, then the required investment would be much lower because there would be time to acquire resources after an incident has occurred.

Answer 44

To calculate the recovery point objective (RPO), an organization should determine how much data it can afford to lose. For example, if there is a database, is it tolerable to lose one hour of work, two hours, or maybe days? If a document is being written, can you afford to lose four hours of your work, the whole day, or a whole week's work? This amount of time is the RPO. It is crucial for determining the frequency of your backups. If your RPO is four hours, then you need to perform backups at least every four hours. The more frequent the backup, the higher the cost. Because costs need to be balanced with risk, an organization may not be able to back up as frequently as they would like and must therefore accept a higher RPO.

Answer 45

Encryption provides confidentiality security services. An encrypted file is protected from being read by users who cannot decrypt the file. Users require digital keys to decrypt and read encrypted files. Confidentiality deals with ensuring that information is not intentionally or unintentionally disclosed. Accountability is a security service that is used to determine the identity of users. Authentication is an example of an accountability security service. Availability is a security service that protects hardware and data from loss by ensuring that any needed data is available when necessary. Backups are an example of availability. Integrity is a security service that ensures that digital files have not been changed. Digital Signatures are an example of an integrity security method. A digital signature provides integrity and non-repudiation. Non-repudiation ensures that the data's origin is known.

Answer 46

Risk avoidance means identifying the risk, and then no longer engaging the activities associated with that risk. An example could be to no longer accept credit card information via e-mail.

Answer 47

Risk acceptance is recognizing that a risk exists but choosing not to do anything about it. Often, this occurs when the cost associated with eliminating the risk far outweighs the cost of the damage that a risk could inflict

Answer 48

Risk mitigation is the steps you take to reduce or eliminate a risk. Activities like user training, upgrading anti-malware software, and increasing the frequency of data backups are examples of things that a company could do to help mitigate risk.

Answer 49

Risk transference is sharing the burden of the risk with a third party. Transferring services to the cloud is one such example, as well as insurance.

Answer 50

While all considerations are important, it is critical that any organization that is operating in an industry where federal regulations, such as GBLA or HIPAA, are in effect, ensures that the scan supports verification that regulatory requirements are being met. Segmentation considerations are made to control which sections of the network are scanned. This technique supports ensuring that operations and productivity are not negatively impacted by the scan, and that any machines exempted from the scan are not scanned. Sensitivity level considerations involve determining how deeply the machines are scanned. For example, a credentialed scan will scan more deeply and render more valuable information than an uncredentialed scan, but it will also impact the machines’ performance and create more network traffic. Maintaining network performance during the scan is a relevant consideration, but it is not the most important. Some scanning types can create significant traffic and might slow the network.

Answer 51

Antispoofing is a router function, where an application compares the incoming or outgoing IP address to an ACL. Other types of anti-spoofing perform similar functions on MAC addresses or switch ports. A NIDS or NIPS would not check IP address traffic for spoofing.

Answer 52

Inline vs. passive are installation decisions are made when you choose between a network-based intrusion prevention system (NIPS) and a network-based intrusion detection system (NIDS). A NIPS is an active device that monitors and reacts to network intrusions. A NIDS is a passive device that only provides notification in the event of a security breach.

Answer 53

In-band or out-of-band would also indicate a decision between a NIDS or NIPS. In-band management of a NIDS/NIPS would refer to local management, whereas out-of-band management would be performed remotely.

Answer 54

Rules define what a NIDS/NIPS monitors with regard to incoming network traffic.

Answer 55

Software-defined networking (SDN) allows for dynamic reconfiguration of a network as a reaction to changes in volume, types of traffic, and security incidents.

Answer 56

On-premises network architecture allows an organization to maintain control of its architecture and resources by hosting it on-site. With on-premises, the organization can also host a private cloud on its hardware.

Answer 57

Hybrid cloud architecture is an environment where some items are stored in a public cloud and some items are stored in a private cloud. In short, a public cloud allows an organization to “rent space” (much like a tenant in an office building) from another organization in an Internet-accessible datacenter, place sharable resources in that space, and configure access to those resources. A private cloud is an Internet-accessible datacenter that serves only one tenant.

Answer 58

Secure Access Service Edge (SASE) is used to ensure security in a software-defined wide area network (SD-WAN) environment, particularly in a cloud environment. SASE is often associated with the zero-trust model.

Answer 59

RC4 is a stream cipher. Wired Equivalent Privacy (WEP) is considered unsecure because of its improper use of RC4. RC4 would be a great algorithm to use for encrypting streaming video because it is a stream-based cipher. RC4 provides 56-bit encryption.

Answer 60

Stream and block ciphers are the two main types of symmetric algorithms. Block ciphers process one block of bits, and stream ciphers process one bit at a time. RC5 and RC6 are block ciphers. RC4, RC5, and RC6 do not provide one-way hashing.

Answer 61

MD5 is a one-way hashing algorithm. One-way hashing refers to inserting a string of variable length into a hashing algorithm and producing a hash value of fixed length. This hash value is appended to the end of the message being sent. This hash value is recomputed at the receiver’s end in the same fashion in which it was created by using the same computational logic. If the recomputed hash value is the same as the generated hash value, the message was not altered during the course of transmission.

Answer 62

Hashing algorithms include MD2, MD4, MD5, HAVAL, and all of the Secure Hash Algorithm (SHA) variants. Hashing is the best way to protect the integrity of sensitive data entered in a database table.

Answer 63

Symmetric ciphers have modes of operation: ECB, CBC, CTM or CTR, and GCM.

Answer 64

Electronic Code Book (ECB) mode implements the cipher in its original form.

Answer 65

Cipher-block Chaining (CBC) mode uses the output of each block and XORs it with the following block to increase diffusion.

Answer 66

Counter Mode (CTM or CTR) converts a block cipher into a stream cipher.

Answer 67

Galois Counter Mode (GTM) uses a hash function to further complicate the encryption.

Answer 68

A secure web gateway (SWG) is a cloud-based web gateway that combines features of a Next-generation Firewall (NGFW) and a Web Application Firewall (WAF). SWG provides an ongoing update to filters and detection databases and is designed to provide filtering services between cloud-based resources and on-premises resources. SWG uses standard WAF functions, TLS decryption, CASB functions, sandboxing features and threat detection functions to protect enterprises from the ever evolving cloud-based risks and attacks.

Answer 69

Point-to-Point Tunneling Protocol (PPTP) was created by Microsoft to work with the Point-to-Point Protocol (PPP) to create a virtual Internet connection so that networks can use the Internet as their WAN link. This connectivity method creates a virtual private network (VPN), allowing for private network security. In effect, PPTP creates a secure WAN connection using dial-up access. PPTP is known as a tunneling protocol because the PPTP protocol dials through the PPP connection, which results in a secure connection between client and server.

Answer 70

Layer Two Tunneling Protocol (L2TP) is an enhancement of PPTP and can also be used to create a VPN. L2TP is a combination of PPTP and Cisco's Layer 2 Forwarding (L2F) tunneling protocols and operates at the Data Link layer (Layer 2) of the Open Systems Interconnection (OSI) model. L2TP uses User Datagram Protocol (UDP) for sending packets as well as for maintaining the connection. Internet Protocol Security (IPSec) is used in conjunction with L2TP for encryption of the data.

Answer 71

PPP is a protocol used to establish dial-up network connections.

Answer 72

Remote access Service (RAS) is a service provided by the network operating system that allows Remote access to the network via a dial-up connection.L2TP can be combined with Internet Protocol Security (IPSec) to provide enhanced security. Both PPTP and L2TP create a single point-to-point, client-to-server communication link

Answer 73

A VPN concentrator is a device that is used to create a Remote access VPN. It is responsible for creating the tunnels between the endpoints.

Answer 74

Platform diversity involves using different operating systems or platforms within an organization, which contributes to resilience and recovery by diversifying the underlying technologies. This approach reduces the risk of a single point of failure, as it ensures that a disruption or vulnerability affecting one platform may not impact others. There will be no “domino effect.” While platform diversity is a valuable aspect of security architecture, it differs from the specific distribution of workloads across different cloud service providers.

Answer 75

Multi-cloud systems also contribute to resiliency. However, they do not provide platform diversification as stated in the question.

Answer 76

Redundant servers involve having duplicate servers that can take over in case of a failure. Redundancy helps with resilience but does not provide diversification.

Answer 77

Load balancing involves distributing the workload across multiple servers to ensure the best resource utilization. This optimization steers traffic away from areas that are overworked and directs traffic towards areas that are underutilized. This is an important concept for resilience but does not address diversification.

Answer 78

The restricted data classification is used for highly sensitive information that requires limited access but is not crucial for the organization’s fundamental operations. This classification ensures that only authorized personnel with a legitimate need can access the data. Examples of restricted data may include confidential project plans, employee financial information, or proprietary business strategies. Restricted data may also be subject to legal or statutory regulations, such as private health information (PHI). Access controls for restricted data should be stringent enough to prevent unauthorized disclosure.

Answer 79

Sensitive confidential public restricted private critical

Answer 80

Sensitive - Data that requires careful handling due to its potential to cause harm or damage if disclosed or accessed by unauthorized parties.

Answer 81

Confidential - Information that is kept secret or restricted to a certain group of individuals to maintain privacy, security, or proprietary advantage.

Answer 82

Public - Data that is freely available to anyone, often intended for widespread dissemination and consumption without restrictions.

Answer 83

Restricted - Information with access limited to specific authorized personnel, typically requiring authentication or clearance to ensure proper handling and protection.

Answer 84

Private - Data intended for limited access and not publicly available, often containing personal, proprietary, or sensitive information.

Answer 85

Critical - Information essential to the core functions and success of an organization, requiring the highest level of protection and access controls to prevent disruption or compromise.

Answer 86

Serverless is an application development model that provides developers the opportunity to build and run applications in the cloud, without the extra responsibility of having to maintain servers on premises.

Answer 87

Ease of recovery is an important design consideration that relates to backups. You may have built an architecture that has rock-solid and reliable backups. However, what does it take to recover the data from the backups? If the procedure is too cumbersome, you might as well not even have a backup. Inability to patch is a consideration, particularly when a server needs high availability. You might have to take a server offline to complete patch installation. If it’s a critical server that cannot go offline, you might not be able to patch. There is also a concern with embedded systems, which vendors often do not patch. Even worse, when there is a need for a patch for an embedded system, the vendors rarely get one out in a timely manner. Power is a consideration. Power costs must be included in the design. Virtualized and cloud servers consume less power than a physical server. A robust physical server with multiple virtual machines might allow you to maximize computing power with little to no increase in power requirements. If you are considering embedded devices in your design, keep in mind that these devices often have batteries that need to be replaced. They may also draw power from a host device. Compute (or computational) power is also a consideration. In the initial architectural design, you need to ensure that the number of cores you specify will serve your needs. Adding additional cores to a physical server is rather difficult, so you may find yourself using cloud services.

Answer 88

The scenario describes a Layer 7 firewall, also known as a Web Application Firewall (WAF). A WAF operates at the Application Layer, which is Layer 7 of the OSI model. It sits in the screened subnet, providing an additional layer of protection for the internal LAN by inspecting and filtering traffic before it hits the LAN.

Answer 89

A Layer 4 firewall operates at the Transport Layer only, which is Layer 4 of the OSI model. Layer 4 firewalls work within the confines of what operates in Layer 4: IP addresses, ports, and protocols.

Answer 90

A next generation firewall (NGFW) operates in both Layer 4 (Transport layer) and Layer 7 (Application layer). The Layer 7 capabilities allow the firewall to stop an application attack, as well as monitor for several other types of traffic. In the Transport layer (Layer 4), the NGFW performs deep packet inspection. The Layer 4 inspection is more intense than a stateful inspection, looking for application layer protocols and data.

Answer 91

A software-defined wide area network (SD-WAN) is not a firewall; it is a smart traffic manager for your network. Instead of relying on a rigid system of physical connections, an SD-WAN uses software to intelligently route and prioritize your network traffic. It adapts to changing conditions in real-time, like choosing the best and most efficient path for your data to travel, whether over the Internet or through private connections.

Answer 92

Ease of recovery is an important design consideration that relates to backups. You may have built an architecture that has rock-solid and reliable backups. However, what does it take to recover the data from the backups? If the procedure is too cumbersome, you might as well not even have a backup. Resilience, as it is used in the context of security architecture models, refers to the system's ability to adapt, recover, and maintain functionality in the face of disruptions, including security incidents, hardware failures, or other adverse events. A resilient architecture ensures that security measures remain effective even under adverse conditions, contributing to the overall robustness of the security posture. Ease of deployment is an architecture consideration that deals with the difficulty involved in launching the application or system. As the complexity and amount of work involved increases, costs will rise as well. Patch availability is a consideration, as well as patch installation. Check with the vendor to determine how often patches are expected, and what is needed to install the patch. Also, if embedded systems are part of the architecture, keep in mind that patches are not always provided by the vendor in a timely manner.

Answer 93

Network segmentation, air gaps, multiple firewalls, and virtualization are all examples of defense-in-depth, also referred to as layered security. Generally, defense-in-depth/layered security means that someone would have to breach multiple safeguards to have access to the entire network. For example, splitting your network into several subnets or VLANs based on departments would prevent a breach to the HR network from affecting the accounting network. Air gapping refers to completely isolating a vulnerable device from the rest of the network. Vendor diversity means that you are using several suppliers, primarily to isolate vulnerabilities or minimize errors. No single security system is all-encompassing. What is missed by Vendor X is often caught by Vendor Y. Vendor diversity does not ensure air-gapping or network segmentation are implemented in your network.

Answer 94

Control diversity means that you are not relying on one single security mechanism. Control diversity can be further classified as administrative controls, physical controls, and technical controls. Administrative controls are policies and procedures, such as not opening ZIP files attached to emails. Physical controls include locks and fencing and provide physical protection for your facilities and assets. Technical controls include such things as IDS/IPS, firewalls and antimalware. Typically, administrative, and technical controls work best when they work together, rather than independently. Control diversity is one aspect of defense-in-depth but does not cover all layers of a defense-in-depth strategy.

Answer 95

In any organization, user training is a paramount concern. The best administrative and technical controls are useless if a user is not trained on how to identify user-targeted attacks, such as phishing emails and suspicious attachments.

Answer 96

Edge discovery is the process of identifying Internet of Things (IoT) and other devices that are not part of the core infrastructure. Once identified, they can be configured so that hackers cannot use them to compromise an organization’s core network. Edge discovery is a key component of edge security for attack surface management. Edge security is the process of securing nodes that are outside a company’s network core. The edge of the network needs the same level of security as the core network. Nodes at the edge are not fully covered by the security perimeter of the organization and so are the most vulnerable to cybersecurity risks. Computing on the edge involves computing occurring closer to edge devices rather than the infrastructure of the network. Self-driving cars, sensors, fitness bands, and IoT devices are examples of edge devices. These devices often handle sensitive data, and their compromise can compromise the full network. For this reason, it is essential that these devices are not discoverable by hackers on the Internet. Physical controls involve securing the devices and only allowing authorized personnel to use them. Logical controls involve encryption of device data both in transit and at rest and implementing authorization and authentication.

Answer 97

The growth in the use of edge devices has increased the attack surface for an organization. To secure edge devices, you use routers and firewalls as well as wide area network (WAN) devices which are built for security. Some best practices for edge security include: Keep a zero-trust model throughout the company Ensure internal configuration and control of edge devices and reject compromised devices Use AI and ML tools to monitor edge device activity Ensure edge devices are isolated in a public cloud to avoid discovery

Answer 98

Penetration testing and adversary emulation are critical for attack surface management. The goal of penetration testing is to determine as many vulnerabilities as possible within defined time and scope parameters. Adversary emulation (also known as threat emulation) adopts current threat intelligence methodologies and tactics to identify, expose, and correct vulnerabilities. Adversary emulation is particularly suited to measure the organization’s ability to withstand an attack from advanced persistent threats.

Answer 99

Security controls testing determines whether controls have been properly implemented and are performing as expected and producing the appropriate results. For example, a test of physical security control could be checking to see if an access control card denies entry into a specific area. This would be an example of a preventative type of control.

Answer 100

Passive discovery helps to protect the network through the use of security appliances, including firewalls, intrusion detection systems (IDSes), intrusion prevention systems (IPSes), malware protection systems, and others. It is the role of these systems to monitor events and, when an event occurs, create an alert for humans to intervene.

Answer 101

Cold sites take a long time to bring online for disaster recovery. They also are not as available for testing as other alternatives. Therefore, recovery time and testing availability are two disadvantages to using a cold site. Cold sites are inexpensive. Cold sites require no daily administration time. Therefore, expense and administration time are two advantages to using a cold site. Cold sites are locations that meet the requirements for power and connectivity only.

Answer 102

Hot sites are expensive. They require a lot of administration time to ensure that the site is ready within the maximum tolerable downtime (MTD). Therefore, expense and administration time are two disadvantages to using a hot site. Another disadvantage of a hot site is that it needs extensive security controls. Hot sites are available within the MTD and are available for testing. Therefore, recovery time and testing availability are two advantages to using a hot site.

Answer 103

Warm sites are less expensive than hot sites, but more expensive than cold sites. The recovery time of a warm site is slower than for a hot site, but faster than for a cold site. Warm sites usually require less administration time because only the telecommunications equipment is maintained, not the computer equipment. Warm sites are easier to test than cold sites, but harder to test than hot sites.

Answer 104

Hot, cold, and warm sites are maintained in facilities that are owned by another company. Hot sites generally contain everything you need to bring your IT facilities up. Warm sites provide some capabilities, including computer systems and media capabilities, in the event of a disaster. Cold sites do not provide any infrastructure to support a company's operations and requires the most setup time. Redundant sites are expensive and require a lot of administration time. Redundant sites are hot sites, but not all hot sites are redundant sites. Redundant sites are usually maintained by a company for itself. Hot sites are maintained by a company for another company. Redundant sites require a small recovery time and are easier to test than the facilities owned by other companies.

Answer 105

A tabletop exercise simulates a disaster and allows you to check the thoroughness of your disaster recovery plan. You should perform a document review during all exercises. Apart from a tabletop exercise, you can also perform a walkthrough, simulation, parallel testing, and cutover testing to test your disaster recovery plans. If your plan has a weakness, it is better to discover it during an exercise as opposed to discovering it during a live event. After-action reports document how well or how poorly the exercise went. It will also indicate action items for follow-up, as well as any necessary modifications that should be made to improve the disaster recovery response. A business continuity plan ensures that the business stays running in the event that interferes with normal business functions. It is a separate plan from the disaster recovery plan and only needs review and revision. It does not usually require any testing. Critical business functions are those items that are identified as the most crucial. They are the first to be restored after a disaster. A continuity of operations plan (COOP) is a document that explains how critical operations will be maintained in the event a disaster occurs.

Answer 106

In cloud services, a responsibility matrix identifies tasks and management areas, and assigns responsibility for those items to the client organization or the cloud provider. When an incident occurs, or there is a question about whom should be accountable, both the client and cloud provider can refer to the responsibility matrix. The graphic below shows a simplified responsibility matrix for a Platform as a Service agreement. There are several security implications with hybrid considerations. Responsibilities shift and are divided between the client organization’s security personnel and their counterparts in the cloud provider. Data protection is typically a greater concern in hybrid environments due to the decentralization of data. In addition, there is the issue that data may be intercepted as it is moving from the client datacenter to the cloud. Many cloud services involve third-party vendors providing additional functionalities, such as security tools, identity services, or compliance solutions. Evaluating the security practices and capabilities of these third-party vendors is crucial. The security of the overall cloud architecture is influenced by the reliability and security measures implemented by these external partners.

Answer 107

The methods to secure data should be matched to their characteristics as follows: Geographic restrictions – limits access based on physical location Masking – uses encryption or scrambling data Tokenization – replaces sensitive data with a non-sensitive placeholder Permission restrictions – access is based on roles

Answer 108

Tokenization is a data security method that replaces sensitive information, such as payment card data, with a non-sensitive placeholder known as a token. In the context of payment processing, tokenization enhances security by ensuring that the actual sensitive data is not stored or transmitted, reducing the risk of unauthorized access. Only the token is transmitted during the transaction. The token is meaningless to attackers even if intercepted, as it does not reveal the original sensitive information. Tokenization is widely used to protect payment card details during transactions and is effective in minimizing the impact of data breaches.

Answer 109

Data masking involves concealing specific data within a database by replacing, encrypting, or scrambling sensitive information when viewed by a data operator. The underlying data is not changed, but the person accessing the records only views the non-sensitive portions while the sensitive portions are hidden from view. While it is used to protect sensitive data during non-production processes, it does not necessarily involve the use of tokens for substitution. The following exhibit shows a table of employee information with sensitive data masked to conceal it from the data operator: xxxx xxxx xxxx 1258 dxxx@bxxxa.com

Answer 110

Permission restrictions involve controlling access to data based on user roles and permissions. This method focuses on user access rights within an organization and does not involve the replacement of sensitive information with tokens.

Answer 111

Encryption enhances the confidentiality and the security of backup copies. As with all other forms of encryption, the process converts stored data into a scrambled format, and only a decryption key would decipher the data. Encryption also protects sensitive information from unauthorized access. Encryption is particularly crucial when backup media is stored offsite or in transit, mitigating the risk of data exposure in the event of loss or theft.

Answer 112

Journaling would involve making a chronological log of changes in the data. This is sometimes called the transaction log. The log would record details regarding modifications, additions, and deletions to the data. While this is an important element of data integrity, it does not address confidentiality. Journaling would also assist with forensic analysis, and with the establishment of recovery point objectives.

Answer 113

Replication creates duplicate copies of data in real-time or near-real-time to ensure data consistency and minimize recovery time. This is very important for resiliency, but it does not address confidentiality.

Answer 114

PII, or personally identifiable information, is information that can be used to positively identify an individual. This type of information is highly valuable and must be adequately protected by all organizations that deal with PII. Customers take their personal information very seriously and expect it to be well protected by any organization they trust with their PII. Protected health information (PHI) is a highly regulated category of data that requires specific safeguards. PHI is considered any health record (written, electronic, or verbal) associated with an identifiable individual.

Answer 115

A RAID-5 array provides high availability. Redundant Array of Independent Disks (RAID) combines multiple hard drives for redundancy, performance, and fault tolerance. There are several levels of RAID varying in configuration based on need. RAID 5 includes 3 to 32 drives. A portion of each drive is reserved and combined into a "parity" drive, which stores data and drive rebuilding information. In the event of a drive failure, information is pulled from the parity drive to rebuild the failed drive, while the system remains operational.

Answer 116

RAID 0 combines the drives to appear as a single drive. This a great performance feature, but if one drive fails, they all fail.

Answer 117

RAID 1 is mirroring, writing to two drives simultaneously. If drive 1 fails, drive 2 keeps writing.

Answer 118

Fault tolerance allows a system to remain online if a component fails. Additional NICs, multiple power supplies, extra cooling fans, and RAID storage systems are examples of fault tolerance. High availability is the incorporation of multiple resiliency mechanisms to minimize the amount of system down time. The standard for high availability is to have the system up 99.999% of the time. That equates to a little over 5 minutes of down time per year.

Answer 119

Engaging with multiple vendors of the same items is an example of vendor diversity. This is recommended, so that there is not a single platform or vendor that is the source of failure or compromise. Control diversity is the utilization of multiple control types or categories, such as having a compensating control in the form of a backup generator connected for an uninterruptable power supply (UPS). Defense in depth is a concept that prescribes creating multiple barriers to hackers. In this concept, there are controls at the outer perimeter, within various Internal boundary groups and within each system of the organization to provide layered security. Separation of duties is a concept that says that any fraud-prone activity should be broken up into two or more jobs and assigned to different people so fraud attempts can be more easily recognized. This may mean taking a critical operation and requiring one person to input the data and another person to interpret the results.

Answer 120

You should deploy a jump box. A jump server or jump box is a server that is used to access devices that have been placed in a secure network zone, such as a perimeter network (formerly referred to in documentation as a DMZ). The server would span the two networks to provide access from an administrative desktop to the managed device.