2.0 Architecture and Design Flashcards by Danny Tomawis

data are subject to the laws and governance structures of the nation where they are collected

Data Sovereignty

How well did you know this?

Not at all

Perfectly

the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data

Data Loss Prevention

How well did you know this?

Not at all

Perfectly

a way to create a fake, but a realistic version of your organizational data. The goal is to protect sensitive data, while providing a functional alternative when real data is not needed

Data Masking

How well did you know this?

Not at all

Perfectly

data that has reached a destination and is not being accessed or used

Data at rest

How well did you know this?

Not at all

Perfectly

any data that is sent from one system to another

data in transit/motion

How well did you know this?

Not at all

Perfectly

occurs when data is collected and translated into usable information

data in processing

How well did you know this?

Not at all

Perfectly

is the process of de-identifying sensitive cardholder data by converting it to a string of randomly generated numbers called a “token.” Similar to encryption, tokenization obfuscates the original data to render it unreadable in the event of a data breach or other exposure.

Tokenization

How well did you know this?

Not at all

Perfectly

the process of intercepting and reviewing SSL-encrypted internet communication between the client and the server

SSL Secure Socket Layer Inspection

How well did you know this?

Not at all

Perfectly

a security mechanism that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the traffic before it enters or leaves the network

TLS Transport Layer Security Inspection

How well did you know this?

Not at all

Perfectly

the process of transforming any given key or a string of characters into another value

Hasing

How well did you know this?

Not at all

Perfectly

an off-premises location where a company’s work can resume immediately during a disaster. It has all the equipment ready to go and be used. Available 24/7

Hot Site

How well did you know this?

Not at all

Perfectly

A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. Only available during the disaster

Cold Site

How well did you know this?

Not at all

Perfectly

some or all of the IT equipment found in a typical primary data center, such as software and hardware. After a disaster at the primary site, an organization will introduce customer data and may install additional equipment at the site

Warm Site

How well did you know this?

Not at all

Perfectly

a controlled and safe environment for showing how attackers work and examining different types of threats

honeypot

How well did you know this?

Not at all

Perfectly

bait files intended for hackers to access

honeyfiles

How well did you know this?

Not at all

Perfectly

a decoy network that contains one or more honeypots

honeynets

How well did you know this?

Not at all

Perfectly

Hacker method that is trying to get the machine to think that the malware is actually something good.

Fake Telemetry

How well did you know this?

Not at all

Perfectly

a mechanism aimed at protecting users by intercepting DNS request attempting to connect to known malicious or unwanted domains and returning a false, or rather controlled IP address

DNS Sinkholing

How well did you know this?

Not at all

Perfectly

a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis.

IaaS Infrastructure as a Service

How well did you know this?

Not at all

Perfectly

is a cloud computing model provides a platform for customers to develop, run, and manage applications without building and maintaining the cloud infrastructure required to develop and launch an app.

PaaS Platform as a Service

How well did you know this?

Not at all

Perfectly

a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted

Software as a Service

How well did you know this?

Not at all

Perfectly

describes a general category of services related to cloud computing and remote access. It recognizes the vast number of products, tools, and technologies that are now delivered to users as a service over the internet

Anything as a service

How well did you know this?

Not at all

Perfectly

a decentralized computing infrastructure in which data, compute, storage and applications are located somewhere between the data source and the cloud

Fog Computing

How well did you know this?

Not at all

Perfectly

an emerging computing paradigm which refers to a range of networks and devices at or near the user. about processing data closer to where it’s being generated, enabling processing at greater speeds and volumes, leading to greater action-led results in real time.

Edge Computing

How well did you know this?

Not at all

Perfectly

work by connecting remotely to a server-based computing environment where most applications, sensitive data, and memory, are stored.

Thin Client

packages of software that contain all of the necessary elements to run in any environment. In this way, virtualize the operating system and run anywhere, from a private data center to the public cloud or even on a developer's personal laptop

Containers

an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network

Software Defined Networking

allows us to deploy next-generation firewalls, intrusion prevention, web application firewalls, and other security devices while at the same time being able to understand exactly what type of data is flowing between all of these systems

Software Defined Visibility

happens when an administrator can no longer effectively control and manage all the virtual machines on a network

virtual machine sprawl avoidance

protection that prevents a virtual machine from directly interacting with the host operating system

VM Escape Protection

checking through all of the data to make sure it’s in the right format, and if it’s not the right format, it should add any corrections

Normalization

prepared SQL code that you can save, so the code can be reused over and over again

Stored Procedure

process of taking something that would commonly be relatively easy to understand and make it very difficult to understand

Obfuscation

the processing takes place on a web server. This processing is important to execute the tasks required by the user on the web

Service Side Execution

the processing takes place on the user's computer

Client Side Execution

when sensitive information is lost due to unintentional exposure

data exposure

nonprofit foundation dedicated to improving software security. It operates under an “open community” model, which means that anyone can participate in and contribute to related online chats, projects, and more

Open Web Application Security Project

a threat intelligence approach that automates the monitoring of information security controls, vulnerabilities, and other cyber threats to support organizational risk management decisions

Continuous Monitoring

lets you constantly monitor new code, testing it against criteria for functionality, security, and performance. It's a vital way to screen out bugs, stop potential issues from reaching the main database, and ensure that rollouts go as smoothly as possible

continuous validation

application developers may constantly be updating an application and perhaps even merging it into a central repository many times a day

continuous integration

a way that you could provide access to your network using credentials that someone uses for a completely different service. This can be done for users that are on your local network or you could use this for third party individuals such as partners or customers to be able to gain access to your server

Federation

a review and confirmation of your organization's security status by an independent reviewer

Attestation

a one-time password (OTP) algorithm based of Hashes

HMAC-based one-time password

Is a biometric feature where these capillaries that are in the back of your eye. They are a relatively unique feature of your eye and they don’t often change, making them a very good biometric factor to use for authentication

Retina

is a biometric feature where its in the front of our eye, and there’s usually specific textures and colors associated

Iris

biometric feature where the vascular scanners can look at veins that might be in our arms. This can look at the blood vessels in our extremities, and determine who a person is based on the unique layout of their veins.

Veins

assessment of the way the body moves, usually by walking or running, from one place to another. The purpose of this is to detect any abnormalities in locomotion.

Gait Analysis

how often your biometric system will approve an unauthorized user by looking at these biometric value

False Acceptance Rate

someone who is authorized to get into the system, they put their finger on the fingerprint reader of the biometric system and instead of getting a green light, they get a red light

False Rejection Rate

an area where we have minimized the number of false acceptance rates, and we’ve minimized the amount of false rejection rates, and effectively gotten both of those down to an equal level

Crossover error rate

something that’s in your brain, and only you happen to know what this particular value is

Something you know

usually a device or some type of system that is near where you happen to be. Something like a smart card

Something you have

associating these characteristics with a specific individual or person. Basically features that makes you

something you are

is a personal way that you do things. For example, the way that you walk is very unique to you

Something you exhibit

Name the Triple As

Authentication, Accounting, Authorization

if you do lose one of those physical drives, you have separate pieces of that data stored on other multiple drives as part of that array What is this called?

RAID Redundant Array of inexpensive disks

Raid type that has no redundancy whatsoever, it’s usually called striping without parity. Where you have very good performance to be able to read and write to that array

Raid 0

Raid type where we can take one physical drive, and duplicate all of the data on that physical drive to a separate physical drive. It’s a mirror of the information. That way if we lose any one of those drives, all the information continues to be available and accessible on that separate drive

Raid 1

where we have striping with parity where we’re putting pieces of information on separate physical drives, and then on a last physical drive we’re putting some parity information. If we lose any of the drives on that particular array, it will rebuild the data based on the parity information that’s put on that extra drive

Raid 5

network drives, with configurations with multiple links in the network to provide redundancy if one part of the network was to fail.

Multipath

provide redundancy to a server using multiple network interface cards on that device

NIC Teaming

a device that provides multiple power sources

Power distribution Unit

dedicated, independent high-speed network that interconnects and delivers shared pools of storage devices to multiple servers

Storage area Network

A back up type when performing a backup on a system, that you back up every single file on the system

Full Back Up

occur after the full backup has occurred, and it will back up all of the files that have changed since the last backup

Incremental Back up

a full backup that backs up everything on the system. Each subsequent differential backup, though, is going to back up everything that’s changed since the last full backup. So every day, the backup is going to get bigger and bigger and bigger as we change more and more information since the last full backup

Differential back up

the practice of periodically copying data from a primary storage device to a tape cartridge so the data can be recovered if there is a hard disk crash or failure

Tape Back up

dedicated file storage that enables multiple users and client devices to retrieve data from centralized disk capacity

NAS Network attached Storage

one that is constantly accessible and constantly updated throughout the day. This is one that occurs over the network, usually to a third-party or cloud-based service, and it’s usually over an encrypted channel

online back up

backing up your local devices to this backup component. It’s usually something that performs very quickly, and it’s over a secure channel We have to make sure that the communication between the system that’s being backed up and the backup service itself is protected and constantly maintained, and it often requires that this information be stored at an offsite facility for disaster recovery purposes

offline back up

integrated circuits often sold off-the-shelf. They're referred to as 'field programmable' because they provide customers the ability to reconfigure the hardware to meet specific use case requirements after the manufacturing process.

Field programmable Gate Arrays

an automated software control system that monitors industrial control systems (ICS) and provides data insights to industrial supervisors about the condition of the entire operation

SCADA Supervisory Control and data acquisition

OS that guarantees real-time applications a certain capability within a specified deadline. are designed for critical systems and for devices like microcontrollers that are timing-specific. processing time requirements are measured in milliseconds

Real Time OS

microchip with all the necessary electronic circuits and parts for a given system, such as a smartphone or wearable computer, on a single integrated circuit (IC)

System on Chip

are signals that occupy a narrow range of frequencies or that have a small fractional bandwidth

Narrowband

using a single frequency to be able to communicate.very often done over a single cable or a single fiber connection, and it’s usually using a digital communication. Since there is a single frequency being used for this communication, anything going over this link is going to use all of the bandwidth on that connection

Baseband

devices can transmit data over long distances by passing data through a mesh network of intermediate devices to reach more distant ones typically used in low data rate applications that require long battery life and secure networking.

Zigbee

a device that plugs into the charging port on your phone, acting as a shield between the public charging station's cord and your phone

USB Data Blocker

shield is an enclosure used to block electromagnetic fields

Faraday Cage

security measure that involves isolating a computer or network and preventing it from establishing an external connection

Airgap

triple-homed firewall, refers to a network architecture where a single firewall is used with three network interfaces. It provides additional protection from outside cyber attacks by adding a perimeter network to isolate or separate the internal network from the public-facing internet

Screened Subnet

adequate safeguards and/or countermeasures (e.g., acoustic, electric, electromagnetic, and physical) for cables and to permit its use for the transmission of unencrypted information through an area of lesser classification or control

Protected cable distribution

to collect the IT equipment's hot exhaust air, allowing the rest of the data center to become a large cold-air return plenum. Air is being taken from the back of the servers

Hot Aisle

face air conditioner output ducts and air is being take into the front of the servers

Cold Aisle

to insert a random set of characters to a weak key and make it stronger and as well increase the size of the password hash, making things harder for a brute-force attack

Key Stretching

a technique that is a unique value that can be added to the end of the password to create/ change a different hash value

Salting

the procedure of translating a given key into a code.

Hashing

a method in cryptography by which cryptographic keys are exchanged between two parties

Key Exchange

is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.

elliptic-curve cryptography

an encryption style known for producing temporary private key exchanges between clients and servers. For every individual session initiated by a user, a unique session key is generated

perfect forward secrecy

a field of applied quantum physics closely related to quantum information processing and quantum teleportation.

Quantum communications

an area of computer science that uses the principles of quantum theory

Quantum Computing

to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks

Post-Quantum Cryptography

A cryptographic key that is generated for each execution of a key-establishment process and that meets other requirements of the key type

Ephemeral Key

record-keeping system that maintains participants' identities in secure and (pseudo-)anonymous form, their respective cryptocurrency balances, and a record book of all the genuine transactions executed between network participants

Public Ledger

are encrypting one byte at a time. So we will take our plaintext, we’ll grab the first byte, we’ll encrypt that byte, and we’ll store the encrypted information

Stream Cipher

encrypting a fixed length block of information at a time. So instead of taking a single byte, it will take a block of bytes and encrypt that entire block at one time. We usually will see this with 64-bit or 128-bit blocks.

Block Cipher

encryption uses a single key to encrypt and decrypt

Symmetric

encryption uses a mathematically related pair of keys for encryption and decryption: a public key and a private key

asymmetric

an encryption method that features a small footprint and/or low computational complexity. It is aimed at expanding the applications of cryptography to constrained devices and its related international standardization and guidelines compilation are currently underway

Lightweight Cryptography

the practice of concealing messages or information within other nonsecret text or data.

Steganography

encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form

homomorphic encryption

is a way to measure just how unpredictable a password might be.

Entropy

technical best practice to authenticate DNS queries and responses by using cryptographic digital signatures

domain name system security extensions