Udemy Sections 12-14: Perimeter Security, Cloud Security, and Automation Flashcards

1
Q

Security devices focused on the boundary between the LAN and the WAN in your organization’s network

A

Perimeter security

2
Q

A security solution that screens traffic between two portions of a network

A

Firewall

3
Q

A type of firewall that is run as a piece of software on a host or server

A

Software firewall

4
Q

A physical device that filters traffic going into a computer, network, or server

A

Hardware firewall

5
Q

One function out of many on a single device that filters traffic going into a computer, network, or server

A

Embedded firewall

6
Q

A method used by firewalls: they inspect each packet passing through the firewall and accept or reject it based on defined rules (configuration, ACLs)

A

Packet filtering

7
Q

A type of packet filtering where packets are accepted or rejected based on the IP address and port number requested.

A

Stateless packet filtering

8
Q

A type of packet filtering where the firewall keeps track of which internal requests use which port numbers, and uses that information to examine the headers of inbound packets. If the headers of the IP packets match what the firewall was expecting to receive, the packet is allowed; if not, it is rejected.

This type of packet filtering all but eliminates IP spoofing.

A

Stateful packet filtering

9
Q

A type of filtering that filters traffic based upon the ports being utilized and the type of connection (TCP or UDP).

This type of filtering keeps track of which computer made a request by assigning each request a port number. If the incoming packet is not the response that the firewall expected on the port that it expected, it will reject the packet.

A

NAT filtering

10
Q

ALG stands for

A

Application-layer gateway
AKA application proxy gateway
AKA Layer 7 firewall

11
Q

A security solution that applies security mechanisms to specific applications, such as FTP or Telnet. It conducts an inspection based upon the application the incoming packet is destined for. It does NOT conduct these inspections based on port numbers; this firewall operates at Layer 7.

If a packet is destined for an application that it is protecting, it blocks it.

A

ALG (application-layer gateway)
AKA application proxy gateway
AKA Layer 7 firewall

12
Q

Application-specific translation agents that allow an application on a host in one address realm to connect to its counterpart running on a host in a different realm transparently.

A

Application-level gateway
AKA application proxy gateway
AKA Layer 7 firewall

13
Q

A security policy domain defined for a web or application server

A

Realm

14
Q

A firewall that operates at the Session layer and only inspects the traffic during the establishment of the initial session over TCP or UDP.

After the session is established, the packets pass without any checks.

A

Circuit-level gateway

15
Q

A type of filtering where a firewall filters traffic based on MAC addresses

A

MAC filtering

16
Q

When traffic is allowed to enter or leave the network because there is an ACL rule that specifically allows it

A

Explicit allow

17
Q

Translate this firewall rule:

allow TCP 10.0.0.2 any port 80

A

The host with the IP address 10.0.0.2 can send packets to any other IP address as long as it is requesting it over port 80.

18
Q

When traffic is denied the ability to enter/leave the network because there is an ACL rule that specifically denies it

A

Explicit deny

19
Q

Translate this firewall rule:

deny TCP any any port 23

A

Prevents any device in the network from sending packets to any device outside of the network over port 23

20
Q

When traffic is denied the ability to enter or leave the network because there is no specific rule that allows it

A

Implicit deny

21
Q

Translate this firewall rule:

deny TCP any any port any

A

Any host inside the network can’t send TCP packets to any host outside the network no matter which port it goes through.

22
Q

What do firewalls do at Layer 3?

A

Block IP addresses

Layer 3 is the Network layer

23
Q

What do firewalls do at layer 4?

A

Block ports

Layer 4 is the Transport layer

24
Q

A type of firewall installed to protect your server by inspecting traffic being sent to and from your web application. It stands between the user and the web application to filter traffic.

Prevents XSS, SQL injection, and cookie poisoning

A

WAF (Web Application Firewall)

25
Q

WAF stands for

A

Web Application Firewall

26
Q

What type of firewall largely prevents XSS, cookie poisoning, and SQL injection?

A

WAF (Web Application Firewall)

27
Q

A device that acts as a middle man between a device and a remote server

A

Proxy server

28
Q

A type of proxy server that is used to secure a network by keeping its machines anonymous during web browsing

A

IP proxy

29
Q

A type of proxy server that attempts to serve client requests by delivering content from itself without actually contacting the remote server.

It does this by saving a copy of the results from previous requests and reusing the copy when the same request happens.

A

Caching proxy

30
Q

The most common type of caching proxy

A

HTTP proxy

31
Q

Why are caching proxies not as effective as they used to be?

A

Because of the Web 2.0 structure giving each user customized information. For example, Facebook. Each person’s Facebook page looks extremely different.

32
Q

PAC stands for

A

Proxy Auto-Configuration file

33
Q

Files that contain configuration information to automatically configure a proxy server

A

PAC (Proxy Auto-Configuration) files

34
Q

T/F: It is best practice to configure proxy servers via the PAC files

A

False

Attackers can modify these files

35
Q

A type of proxy server used in organizations to prevent users from accessing prohibited websites and other content

A

Internet content filter

36
Q

A type of proxy server that is used as a go-between that scans devices for viruses, filters unwanted content, and performs data loss prevention functions.

Like an internet content filter, but with more functions.

A

Web security gateway

37
Q

A single computer (or file, group of files, or unused IP range) that might be considered attractive to an attacker

A

Honeypot

38
Q

A group of computers, servers, or networks used to attract an attacker

A

Honeynet

39
Q

What are honeypots used for?

A

Security research

40
Q

Systems designed to protect data by conducting content inspection of data being sent OUT of the network

A

DLP (Data Loss Prevention)

AKA ILP (Information Leak Prevention)

AKA EPS (Extrusion Prevention Systems)

41
Q

DLP stands for

A

Data Loss Prevention

42
Q

ILP stands for

A

Information Leak Protection

43
Q

EPS stands for

A

Extrusion Prevention Systems

44
Q

T/F: DLP, ILP, and EPS are all used interchangeably

A

True

45
Q

A security system that attempts to detect, log, and alert on malicious network activities

A

NIDS (Network Intrusion Detection System)

46
Q

NIDS stands for

A

Network Intrusion Detection System

47
Q

What mode are NIDS placed in so they can see all network traffic on a segment?

A

Promiscuous mode

48
Q

A system that attempts to remove, detain, or redirect malicious traffic

A

NIPS (Network Intrusion Prevention System)

49
Q

NIPS stands for

A

Network Intrusion Prevention System

50
Q

A term meaning that a device is directly in the path of incoming traffic

A

Inline

51
Q

Where should a NIPS be placed so that it is directly in the path of network traffic?

A

Inline

52
Q

A term meaning that if a NIPS fails, it allows all traffic through.

A

Fail open

53
Q

A term meaning that if a NIPS fails, it blocks all traffic

A

Fail shut

54
Q

Which is more secure: fail open or fail shut?

A

Fail shut

But it means that the network will essentially be shut down.

55
Q

What do most organizations choose to do when they are faced with the choice between having their NIPS fail open or fail shut?

A

They choose fail open.

This is because a fail shut would cause their network to go down. They choose to rely on other defensive layers when their NIPS fails, rather than take their whole network down.

56
Q

Software products that are used to capture packets, allow an administrator to analyze the packets, and help with troubleshooting by viewing patterns within the packet captures.

A

Protocol analyzer

57
Q

T/F: NIDS and NIPS can also perform protocol analyzer functions

A

True

58
Q

Examples of protocol analyzers

A

Wireshark, Network Monitor

59
Q

UTM stands for

A

Unified Threat Management

60
Q

A single device that acts as a combination of network security devices and technologies to provide more defense in depth within a single device

This device can act as a firewall, NIDS/NIPS, content filter, anti-malware, DLP, and VPN

A

UTM (Unified Threat Management) system

61
Q

NGFW stands for

A

Next Generation Firewall

62
Q

T/F: UTM systems are usually placed as the outermost device in a LAN, replacing a firewall

A

True

63
Q

T/F: UTM system and NGFW are used interchangeably

A

True

64
Q

A way of offering on-demand services that extend the traditional capabilities of a computer or network out into the internet

A

Cloud computing

65
Q

An IT framework that combines storage, computing, and networking into a single system that can reduce data center complexity and increase scalability. This framework relies on virtualization.

A

Hyperconvergence

65
Q

Allows a cloud provider to offer a full desktop OS to an end user from a centralized server

A

VDI (Virtual Desktop Infrastructure)

65
Q

VDI stands for

A

Virtual Desktop Infrastructure

66
Q

VDI desktops are non-persistent. What does this mean for security?

A

Even if an attacker compromises one of the virtual desktops, it can quickly be deleted, and the attacker is blocked out again. This destroys the ability for the attacker to be persistent on the desktop.

67
Q

A protected memory region that provides confidentiality for data and code execution. While the data is being processed and kept in memory, it is encrypted and isolated, thus protecting data from the OS and hypervisors.

A

Secure enclave

68
Q

A method of keeping data at rest confidential. When data on the volume is needed, a secure volume is mounted and decrypted to allow access. When the data is no longer needed, it is re-encrypted and is unmounted from the virtual server.

A

Secure volume

69
Q

4 different cloud types

A

Public
Private
Hybrid
Community

70
Q

A service provider makes resources available to the end users over the internet. The most common type of cloud architecture.

A

Public cloud

71
Q

A company creates its own cloud environment that only it can utilize as an internal enterprise resource. The organization is responsible for the design, implementation, and operation of the cloud resources and the servers that host them.

A

Private cloud

72
Q

A cloud solution that combines the benefits of both the public cloud and private cloud options. Some resources are developed and operated by the organization (like a private cloud), but the organization may also outsource some services to a service provider (like a public cloud).

A

Hybrid cloud

73
Q

T/F: Hybrid clouds must have strict guidelines regarding where sensitive data is stored.

A

True

Sensitive data should be stored on the organization’s private cloud portion of the hybrid cloud

74
Q

A cloud solution in which resources and costs are shared among several different organizations who have common service needs

A

Community cloud

75
Q

The 4 “as a Service” services

A

SaaS
IaaS
PaaS
SECaaS

76
Q

A third party provides all the hardware, OS, software, and applications needed for a complete service to be delivered

A

SaaS (Software as a Service)

77
Q

A third party provides all the hardware, OS, and backend software needed in order to develop your own software or service.

A

IaaS (Infrastructure as a Service)

78
Q

A third party provides your organization with the hardware and software needed for a specific service to operate.

A

PaaS (Platform as a Service)

79
Q

Of IaaS, PaaS, and SaaS, which provides the least amount of service?

A

IaaS

80
Q

Of IaaS, PaaS, and SaaS, which provides the most amount of service?

A

SaaS

81
Q

A service in which a third party provides everything your organization needs to run a server, including the power, space, cooling, network, firewalls, physical servers, and virtualization layer

A

IaaS

82
Q

A service in which a third party provides everything your organization needs to run a server, including the OS and infrastructure software (web server software, programming languages, etc)

A

PaaS

83
Q

A service in which a third party provides your organization with a hosted application service

A

SaaS

84
Q

A third party provides your organization with various types of security services without the need to maintain a cybersecurity staff. Also provides the organization’s IT staff with a simple security interface that they can use.

A

SECaaS

85
Q

Pro of SECaaS

A

When the service provider updates their virus signature database, all of their customers instantly get updated antimalware

86
Q

Con of SECaaS

A

It is heavily reliant on a good internet connection. If your host is offline, it may be vulnerable

87
Q

What 3 advantages does cloud-based vulnerability scanning have over traditional vulnerability scanning?

A

You have the option of scanning either internally or externally. Externally, meaning you scan from outside your network, provides you with an attacker’s perspective.

Installation and maintenance costs are much lower.

Equipment is always kept up-to-date.

88
Q

What is the one big disadvantage of cloud-based vulnerability scanning?

A

Your vulnerability data may be stored on the cloud provider’s server

89
Q

A security technique that utilizes separate virtual networks to allow security professionals to test suspicious or malicious files

A

Sandboxing

90
Q

An organizational process that ensures that authorized people (and no one else) have access to the technology resources they need to perform their job functions.

It ensures greater control of user access by identifying, authenticating, and authorizing users, while prohibiting unauthorized ones.

A

IAM (Identity and Access Management)
AKA IdM (Identity Management)

91
Q

A method of protecting computer systems from failure, in which standby equipment automatically takes over when the main system fails.

A

Failover

92
Q

The act of removing user access to resources

A

Deprovisioning

93
Q

What may be left behind after deprovisioning?

A

Data remnants

94
Q

How to prevent data remnants in a cloud server?

A

Data should always be encrypted when placed in the cloud server, including the virtual hard disk files for the hosted virtual servers

95
Q

Servers used to store, transfer, migrate, synchronize, and archive files for your organization

A

File servers

96
Q

T/F: Any computer can act as a file server

A

True

97
Q

A software program used to send and receive email

A

Email server

98
Q

Which type of server is most commonly attacked, and thus needs much more hardening and security measures?

A

Email server

99
Q

Computer software and underlying hardware that accepts requests via HTTP and stores and delivers the content for a website, including application data.

A

Web server

100
Q

Where should web servers be placed in your organization?

A

DMZ

101
Q

A specialized type of file server that is used to host files for distribution across the web. Can be set up for anonymous login or be secured with a username and password.

A

FTP server

102
Q

Difference between file servers and FTP servers?

A

File servers are only accessible within the business’ internal network

FTP servers store files on a remote server, and files are uploaded via the internet

103
Q

What connection should FTP servers be configured to require? Why?

A

TLS

If your FTP server requires login credentials, you need to make sure they are protected during transmission. FTP is a plaintext protocol.

104
Q

A server that acts as a central repository of all the user accounts and their associated passwords for the network

For Windows, this is Active Directory

For Linux, this is equivalent to an LDAP server

A

Domain controller

105
Q

Which type of server is targeted for privilege escalation and lateral movement? Why?

A

Domain controller

It contains user accounts and their login credentials for the network

106
Q

A type of attack against Active Directory that exploits a vulnerability in the Kerberos ticket granting system to generate a “skeleton key” for all devices in the domain.

A

Golden ticket attack

107
Q

A protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet. It works on the basis of tickets.

A

Kerberos

108
Q

Which protocol does Active Directory rely on?

A

Kerberos

109
Q

2 ways to prevent the golden ticket attack

A

Ensure that AD controller is up-to-date on patches

Harden AD controller

110
Q

Which is more risky security-wise: A cloud-based infrastructure, or local private company intranet?

A

Cloud-based infrastructure

If you don’t configure the cloud just right, you could introduce security vulnerabilities

111
Q

A private network segment made available to a single cloud consumer within a public cloud

A

VPC (Virtual Private Cloud)

112
Q

VPC stands for

A

Virtual Private Cloud

113
Q

Which “as a Service” product is VPC?

A

IaaS

This means you need to do all administrative work for it also. Configuring IP address space, routing, load management, software installation, etc.

114
Q

T/F: VPCs are as secure as private clouds

A

False

You are sharing devices with a public cloud. Also, there may be data remnants.

115
Q

Occurs when an organization is forced to continue using a product or service regardless of quality because switching away is not practical.

A

Vendor lock-in

116
Q

Enterprise management software designed to mediate access to cloud services by users across all types of devices. Helps with authentication and access control.

Includes these services:
SSO
Malware and rogue device detection
Monitor/audit user activity
Mitigate data exfiltration

A

CASB (Cloud Access Security Broker)

117
Q

CASB stands for

A

Cloud Access Security Broker

118
Q

An unauthorized, malicious node on a network

A

Rogue device

119
Q

A security appliance or host positioned at the client network edge that forwards user traffic to the cloud network if the contents of that traffic comply with policy

You must go through the proxy to leave your local network

A

Forward proxy

120
Q

A security appliance or host positioned at the cloud network edge that directs traffic to the cloud network if the contents of that traffic comply with policy

You must go through the proxy to get into the cloud network.

A

Reverse proxy

121
Q

A method that uses the broker’s connection between the cloud service and the cloud consumer. Any updates to a user’s authorization are communicated through the API to/from the cloud and broker.

A

API (Application Programming Interface)

122
Q

API stands for

A

Application Programming Interface

123
Q

A library of programming utilities used to enable software developers to access functions of another application

A

API (Application Programming Interface)

124
Q

A tool to transfer data to/from a server using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP, FILE)

Used to test APIs

A

curl

125
Q

FaaS stands for

A

Function as a Service

126
Q

A cloud service model that supports serverless software architecture by provisioning runtime containers in which code is executed in a particular programming language

Basically, it allows you to run and make applications without having a server

A

FaaS (Function as a Service)

127
Q

A software architecture that runs functions (or microservices) within virtualized runtime containers in a cloud rather than on dedicated server instances

A

Serverless

128
Q

In serverless, everything is developed as a collection of what?

A

Functions and microservices

129
Q

3 biggest advantages to serverless architecture

A

No patching
No administration
No file system monitoring

130
Q

An API must be used over what kind of channel?

A

Encrypted

131
Q

Mechanisms that protect an API from a DoS attack

A

Throttling/rate-limiting

132
Q

A technique used to control the amount of traffic that an API can handle. Shapes API access by smoothing spikes in traffic.

A

Throttling

133
Q

A technique to limit network traffic to prevent users from exhausting system resources. Provides a hard limit on API access.

A

Rate-limiting

134
Q

T/F: You should hardcode/embed a key into the source code

A

False

If you embed your key, an attacker can access it and do damage.

135
Q

What security weakness is inherent to SaaS?

A

SaaS does not supply access to log files or monitoring tools

136
Q

A cloud storage container used in AWS

A

Bucket

137
Q

A cloud storage container used in Microsoft Azure

A

Blob

138
Q

T/F: Buckets and blobs mean the same thing in regard to cloud storage

A

True

139
Q

A content delivery network policy that instructs the browser to treat requests from nominated domains as safe

A

CORS (Cross-Origin Resource Sharing) policy

140
Q

CORS stands for

A

Cross-Origin Resource Sharing

141
Q

A cloud deployment model where the consumer uses multiple public cloud services

A

Multi-cloud

142
Q

The automation of multiple steps in a deployment process

A

Orchestration

143
Q

What is the automation of automations?

A

Orchestration

144
Q

3 types of orchestration

A

Resource orchestration

Workload orchestration

Service orchestration

145
Q

A type of orchestration that provisions and allocates resources within a cloud environment

A

Resource orchestration

146
Q

A type of orchestration that manages applications and other cloud workloads that need to be performed, and has the components to create the product you need. It manages things that are working together.

A

Workload orchestration

147
Q

A type of orchestration used to deploy services within the cloud environment

A

Service orchestration

148
Q

CI stands for

A

Continuous integration

149
Q

CD stands for

A
150
Q

A software development method where code updates are tested and committed to a development or build server/code repository rapidly

A

CI (Continuous Integration)

151
Q

How do software developers working from a data repository prevent too many divergences?

A

CI (Continuous Integration)

152
Q

A software development method where application and platform requirements are frequently tested and validated for immediate availability

A

CD (Continuous Delivery)

153
Q

CD stands for

A

Continuous Delivery

OR

Continuous Deployment

(THESE MEAN DIFFERENT THINGS)

154
Q

T/F: You must be doing CI before you can do CD

A

True

155
Q

CI/CD stands for

A

Continuous Integration / Continuous Delivery

OR

Continuous Integration / Continuous Deployment

156
Q

A software development method where application and platform updates are committed to production rapidly

A

CD (Continuous Deployment)

157
Q

Difference between continuous delivery and continuous deployment

A

Continuous delivery focuses on automated testing of code in order to get it ready for release

Continuous deployment focuses on automated testing AND release of code in order to get it into the production environment more quickly

158
Q

An organizational culture shift that combines software development and systems operations by referring to the practice of integrating the two disciplines within a company

A

DevOps

159
Q

Difference between software development and systems operations?

A

Developers work toward the goal by writing code that’s secure, effective, and easy for others to review

Operators ensure the final product meets the quality threshold by providing, monitoring, and maintaining systems

160
Q

The problem with DevOps

A

Software was being pushed out so fast that it had problems with security compliance or government regulation compliance

161
Q

A combination of software development, security operations, and systems operations by integrating each discipline with the others

A

DevSecOps

162
Q

A concept meaning to consider security early in the beginning of a project

A

Shift-left

163
Q

IaC stands for

A

Infrastructure as Code

164
Q

A provisioning architecture in which deployment of resources is performed by scripted automation and orchestration

A

IaC (Infrastructure as Code)

165
Q

T/F: Since IaC pushes out software development faster, it’s generally less secure

A

False

Through the use of scripts, security templates, and security policies, it is often more secure because less code is left to human error.

166
Q

Any system that is different in its configuration compared to a standard template within an IaC architecture

A

Snowflake system

167
Q

Snowflake systems cause what 2 kinds of issues?

A

Security issues

Inefficiencies in IT support

168
Q

A property of IaC that an automation or orchestration action always produces the same result, regardless of the component’s previous state

A

Idempotence

169
Q

A script inside of an orchestration is called

A

Runbook

170
Q

AI stands for

A

Artificial intelligence

171
Q

ML stands for

A

Machine learning

172
Q

The science of creating machines with the ability to develop problem solving and analysis strategies without significant human direction or intervention

A

AI (artificial intelligence)

173
Q

A component of AI that enables a machine to develop strategies for solving a task given a labeled dataset where features have been manually identified but without further explicit instructions

A

ML (machine learning)

174
Q

T/F: Machine learning is only as good as the datasets used to train it

A

True

175
Q

An architecture of input, hidden, and output layers that can perform algorithmic analysis of a dataset to achieve outcome objectives

The pathways being created as a result of ML

A

ANN (Artificial Neural Network)

176
Q

ANN stands for

A

Artificial Neural Network

177
Q

A refinement of ML that enables a machine to develop strategies for solving a task given a labeled dataset and without further explicit instructions

A

Deep learning

178
Q

Difference between ML and deep learning

A

Deep learning does not require a human to manually identify features of a dataset. You just give it the data and let it go.