4.1 Secure enterprise architecture

Question 1

Adapt data flow security to meet changing business needs

Answer 1

• enterprises must adapt to the needs of the enterprise

- must start with strong security foundations to allow for easier and faster updates

Question 2

(Standards)

Answer 2

mandatory requirements in support of a policy

- HIPAA, PCI DSS, NIST 800 series

Question 3

(Standards)

Competing standards

Answer 3

two or more standards available to us to address the same issues

Question 4

(Standards)

Lack of standards

Answer 4

new technologies that lack standards, such as IoT devices and blockchain

Question 5

(Standards)

De facto standards

Answer 5

standards that are so widely accepted by an industry but have not undertaken formal standardization process

Question 6

(Interoperability Issues)

Legacy systems and software/current systems

Answer 6

legacy systems are older applications and hardware that are no longer supported by the vendor, but are still used by the enterprise

Question 7

(Interoperability Issues)

Application requirements

Answer 7

different applications require different available resources before installing

Question 8

(Interoperability Issues)

Software types - In-House developed

Answer 8

applications developed internally by the enterprise

Question 9

(Interoperability Issues)

Software types - Commercial

Answer 9

programs developed by the third-party organizations such as apple, adobe, and microsoft

Question 10

(Interoperability Issues)

Software types - Tailored commercial

Answer 10

almost completely customized right out of the box for an enterprise

Question 11

(Interoperability Issues)

Software types - open source

Answer 11

developers of open source software permit anyone to analyze, modify, and distribute the source code for free

Question 12

(Interoperability Issues)

Standard data formats

Answer 12

enterprises can address interoperability issues by using standard data formats such as ODF, PDF, TDF, PNG, HTML, CSV, XML, ASCII

Question 13

(Interoperability Issues)

Protocols and APIs

Answer 13

protocol and API interoperability challenges can be addressed by using applications that support interoperability-friendly protocols or using a broker service that acts as a middleman to broker what are otherwise incompatible protocols and APIs

Question 14

(Resilience issues)

Answer 14

focuses on preventing service disruptions, while also quickly detecting and recovering from ones that do occur

Question 15

(Resilience issues)

Use of heterogeneous components

Answer 15

refers to systems that use different components

Question 16

(Resilience issues)

Course of action automation/orchestration

Answer 16

enterprises can respond to resiliency issues by implementing manual mitigations or using automation task runs, or orchestration systems can automatically take care of them

Question 17

(Resilience issues)

Distribution of critical assets

Answer 17

critical assets should be distributed accross systems or locations to minimize the scope of critical asset losses

Question 18

(Resilience issues)

Persistence and non-persistence of data

Answer 18

• Persistent data = data that rarely changes, despite shutdowns
• Non-persistent data = data that frequently changes or does not remain after shutdowns

Question 19

(Resilience issues)

Redundancy/high availability

Answer 19

uses duplication of systems so that a failure of one system will result in the automatic transfer of services to a backup system

Question 20

(Resilience issues)

Assumed likelihood of attack

Answer 20

determining the likelihood of attacks takes into consideration both vulnerabilities and the threats themselves

Question 21

(Data Security Considerations)

Data remnants

Answer 21

can be destroyed through drive overwriting, degaussing, encryption, or physically destroying drives

Question 22

(Data Security Considerations)

Data aggregation

Answer 22

the compilation of data from multiple sources into a summarized report format

Question 23

(Data Security Considerations)

Data isolation

Answer 23

process of contolling user access to data that is located in the same environment as other data and users

Question 24

(Data Security Considerations)

Data ownership

Answer 24

the data owners knowledge of data types can help with integration by ensuring the enterprise knows who is accountable for making decisions on how certain data should be classified, managed, and used by the enterprise

Question 25

(Data Security Considerations)

Data sovereignty

Answer 25

data sovereignty stipulates that once data has been collected on foreign soil, it is subject to the laws of that particular nation

Question 26

(Data Security Considerations)

Data volume

Answer 26

too much data increases the attack surface of server since there is more information to be compromised

Question 27

(Resource provisioning and deprovisioning)

Users

Answer 27

accounts can be provisioned by a cloud administrator or on-premise administrator, or both, depending on whether the user accounts are cloud-only, federated, or synchronized

Question 28

(Resource provisioning and deprovisioning)

Servers

Answer 28

Whether on-premises or in the cloud, servers are increasingly being provisioned as VMs by many enterprises

Question 29

(Resource provisioning and deprovisioning)

Virtual Devices

Answer 29

can refer to many things including VMs as well as VM building blocks such as CPUs, RAM, and hard disks

Question 30

(Resource provisioning and deprovisioning)

Applications

Answer 30

applications are increasingly being provisioned in the cloud due to the speed of deployment, ease of access, and the simplicity of controlling access to applications

Question 31

(Resource provisioning and deprovisioning)

Data remnants

Answer 31

cloud computing environments may have trouble employing comprehensive sanitization methods to data remnants because data is typically located in virtual spaces shared by multiple cloud consumers

Question 32

Design considerations during mergers acquisitions and demergers/divestitures

Answer 32

• whenever corporations restructure it increases vulnerabilities because of confusion
• security design must take into consideration the procedures involved in restructuring

Question 33

Network secure segmentation and delegation

Answer 33

• entities must be segmented to increase separation of information and resources
• network segmentation is a basic tool used as part of a defense-in-depth and layered security strategy

Question 34

Logical deployment diagram and corresponding physical deployment diagram of all relevant devices

Answer 34

• logical diagrams are created first. Shows desired connections in network topology
• physical diagrams show the exact position of placement of network resources

Question 35

(Security implications of integrating enterprise applications)
CRM

Answer 35

Customer relationship management model
- models that are typically implemented via a software suite that facilitate interactions with customers, customer service, technical support, and other areas of business

Question 36

(Security implications of integrating enterprise applications)
ERP

Answer 36

Enterprise Resource Planning
- business process management software that permits enterprises to use a consolidated platform of business applications modules to manage enterprise wide activities such as customer service, human resource, accounting, sales, payroll, purchase orders, and many more

Question 37

(Security implications of integrating enterprise applications)
CMDBs

Answer 37

Configuration Management Databases
-automatically track the state of enterprise assets such as hardware, software, policies, documentations, networks, and staff throughout the lifecycle of these assets

Question 38

(Security implications of integrating enterprise applications)
CMS

Answer 38

Content Management Systems
- typically web-based applications that encourage enterprise-wide collaboration with web applications and documentation between multiple contributors creating, editing, and publishing content

Question 39

(Security implications of integrating enterprise applications)
Integration enablers - Directory services

Answer 39

directory services are centralized identity access management systems that store information about network objects, in addition to providing authentication, authorization, location, management, and auditing services upon those network objects

Question 40

(Security implications of integrating enterprise applications)
Integration enablers - DNS

Answer 40

Domain name system

- critical part of internet infrastructure to mapping names to IP addresses

Question 41

(Security implications of integrating enterprise applications)
Integration enablers - SOA

Answer 41

Service Oriented Architecture

- a set of requirements and principles to facilitate the development of interoperable software services

Question 42

(Security implications of integrating enterprise applications)
Integration enablers - ESB

Answer 42

Enterprise Service Bus

- a type of architecture for facilitating communications between applications or web services in SOA