3.0 Security Architecture Flashcards
(41 cards)
Q: What is a responsibility matrix in cloud computing?
It defines who is responsible for securing different components in a cloud environment (provider vs client).
What are hybrid clouds?
A combination of private and public clouds used together by an organization
What is Infrastructure as Code (IaC)?
The practice of managing and provisioning computing infrastructure through machine-readable definition files rather than physical hardware configuration
What is serverless computing?
Running applications without managing dedicated servers; the provider handles infrastructure management
What is a microservices architecture?
An architectural style where an application is developed as a collection of small services that communicate over APIs
How does network segmentation improve security?
It limits lateral movement within a network by isolating traffic into different segments
What is an air-gapped network?
A network that is physically isolated from external networks for security purposes
What is Software-defined Networking (SDN)?
A networking approach that uses software-based controllers to manage network traffic instead of relying on hardware devices
What are containers in computing?
Lightweight virtualized environments that share the host OS kernel but isolate applications and their dependencies.
What is virtualization?
Running multiple virtual machines on a single physical server with each VM operating independently with its own OS
Why are IoT devices often targeted by attackers?
They often lack robust security features such as strong passwords or encryption
What are Industrial Control Systems (ICS)?
Systems used in industrial settings like power plants or manufacturing facilities to control processes
What is high availability in IT systems?
Ensuring that systems remain operational with minimal downtime through redundancy and failover mechanisms
How does logical segmentation differ from physical isolation?
Logical segmentation divides traffic through software configurations like VLANs, while physical isolation separates systems physically
What is risk transference in IT architecture?
Shifting risk from one party to another, often seen when using third-party vendors or cloud services instead of managing everything in-house
Why might patch availability be a concern in embedded systems?
Embedded systems often have limited update mechanisms, making it difficult to apply patches quickly or at all
What does “compute” refer to in architecture considerations?
The processing power required by systems or applications within an architecture model
What is meant by decentralized architecture?
A decentralized architecture distributes data processing across multiple locations or devices rather than relying on a single centralized system
Why is scalability important in modern architectures?
Scalability allows systems to handle increased workloads without compromising performance and ensures that they can grow as demand increases
What are some common challenges with hybrid cloud environments?
Hybrid clouds require consistent security policies across both private and public clouds and careful management of data transfer between them
How does SDN improve flexibility in networking?
SDN allows centralized control over network traffic through software rather than relying on physical hardware configurations, enabling more dynamic management of resources
What is the purpose of a DMZ in network architecture?
To isolate public-facing services from internal networks for added security
What is an attack surface?
The total number of vulnerabilities or entry points an attacker can exploit
Describe fail-open vs fail-close scenarios.
Fail-open allows access during failure; fail-close denies access during failure
