Architecture And Design Flashcards (CompTIA Sec+ SY0-501)

Flashcards in Architecture And Design Deck (57)
1

What are the three main goals of information security?

• Confidentiality
• Integrity
• Availability

2

_______ prevents unauthorized disclosure.

Confidentiality

3

_______ prevents unauthorized alteration.

Integrity

4

_______ ensures authorized access.

Availability

5

Security activities must be aligned with...
- Business Strategy
- Mission
- Goals
- Objectives

(T/F)?

True!

6

What kind of planning is required with the alignment of security activities?

- Strategic
- Tactical
- Operational

7

Security _______ provide templates for security activities.

Frameworks

8

COBIT, NIST, CSF, and ISO 27001/2 are examples of security frameworks (T/F)?

True!

9

Due _____ is taking reasonable steps to protect the interest of the organization.

Care

10

Due _______ ensures those steps are carried out.

Diligence

11

What four things carry out security governance?

- Policies
- Standards
- Procedures
- Guidelines

12

This Security Governance...

States high-level objectives; compliance is MANDATORY.

Policies

13

This Security Governance...

States detailed technical requirements; compliance is MANDATORY.

Standards

14

This Security Governance...

Provides step-by-step processes; compliance is MANDATORY.

Procedures

15

This Security Governance...

Offers advice and best practices; compliance is OPTIONAL.

Guidelines

16

Security baselines, such as NIST SP800-53, provide a standardized set of controls that an organization may use as a benchmark (T/F)?

True!

17

An organization would typically adopt a baseline standard wholesale (T/F)?

False!

- They would tailor a baseline to meet their specific security requirements instead.

18

What does the principle of defense-in-depth say?

Organizations should use a variety of overlapping security controls to protect against the failure of any single control.

19

When designing overlapping controls, strive for _______ of vendors and control types.

Diversity

20

What are the three most common zones that firewall deployment topologies use?

- a trusted intranet
- an untrusted Internet
- demilitarized zone (DMZ)

* These networks are often created using a triple-homed firewall.

21

When managing security of a system, what operating system security principles do you have to keep in mind?

• Disable unnecessary services and applications.
• Close unneeded network ports.
• Disable default accounts and passwords.
• Apply all security patches.

22

When developing new systems, organizations move them through a four-stage process using different environments. What are they?

1. Development - environments where developers create and modify the system.

2. Test - environments where the system is tested. If flaws are discovered, it is returned to development.

3. Staging - environments are where approved code is placed, awaiting release to production.

4. Production - environments contain systems that are currently serving customer needs.

23

The _________ model of software development is fairly rigid, allowing the process to return only to the previous step.

Waterfall

24

The ________ model uses a more iterative approach:

1. Determine Objectives
2. Identify & resolve risks
3. Development & Test
4. Plan the next iteration

Spiral

25

Which approach uses a process that values:

- Individuals & Interactions INSTEAD of processes & tools.
- Working Software INSTEAD of Comprehensive Documentation.
- Customer Collaboration INSTEAD of Contract Negotiation.
- Responding To Change INSTEAD of following a plan.

Agile approach

26

In ______ environments, many guest systems run on a single piece of hardware.

Virtualized

27

The hypervisor is responsible for separating resources used by different guests (T/F)?

True!

28

Type ___ hypervisors run directly on the “bare metal.”

1

29

Type ___ hypervisors run on a host operating system.

2

30

__________ virtualization virtualizes individual software apps instead of entire operating systems.

Application