Architecture & Design Flashcards

(153 cards)

1
Q

Penalty Types

A

Criminal
Civil
Administrative
Private Regulations

2
Q

Sources of Industry Standards

A

Vendors
Government Agencies
Independent/Consulting Agencies

3
Q

Define Defense in Depth

A

Multiple layers of overlapping security controls

4
Q

Security Control Types by Method

A

Technical
Administrative
Physical

5
Q

Examples of Technical Controls

A

DLP Systems
NIDS/NIPS
Firewall

6
Q

Examples of Administrative Controls

A

Background Investigations
NDAs
Security Training and Awareness

7
Q

Examples of Physical Controls

A
Fences/Cages
Locks
Smart Cards
Man Traps
Video Surveillance
Bollards
Lighting
Signs
8
Q

Vendor Diversity Issues

A

Lack of Innovation
Technical Inefficiencies

9
Q

Security Training and Awareness Methods

A
Classroom
Orientation
Online
Vendor
Surveys
Reminders
10
Q

Information Classification Factors

A

Sensitivity
Criticality

11
Q

Military Classification System

A

Top Secret
Secret
Confidential
Unclassified

12
Q

Business Classification

A

Highly Sensitive
Sensitive
Internal
Public

13
Q

Compliance Obligations

A

Laws
Regulations
Standards

14
Q

Password Factors

A
Complexity
Length
History
Minimum age
Expiration
15
Q

Define Tailgating/Piggybacking

A

Unauthorized access to a facility by following a credentialed user through the entrance when they enter

16
Q

Security Zones

A
Intranet
Internet
DMZ
Extranets
Honeynets
Ad Hoc
MANET
Wi-Fi Direct
17
Q

Define Intranet

A

Company's internal network

18
Q

Define Internet

A

Public external network

19
Q

Define DMZ

A

Demilitarized Zone; typically an organization's public-facing assets, separated from internal assets for security purposes

20
Q

Define Extranets

A

Shared networks between separate organizations

21
Q

Define Honeynets

A

Decoy networks for gaining threat intelligence on attackers

22
Q

Define Ad Hoc Networks

A

Temporary networks for specific usage

23
Q

Private IP Address Ranges

A
10.0.0.1-10.255.255.255
172.16.0.1-172.31.255.255
192.168.0.1-192.168.255.255
24
Q

Define Static NAT

A

Translate private to public IP addresses (or vice versa) on a one-to-one basis

25
Define Dynamic NAT
Translate private to public IP addresses (or vice versa) over multiple public and/or private addresses
26
Define PAT
Port Address Translation, allows systems to share a public IP address over ports
27
Convert 192.168.1.0/24 to Subnet Mask Notation
IP Address 192.168.1.0 | Subnet Mask 255.255.255.0
28
Define SDN
Software Defined Networking
29
SDN Layers
Application Layer
Control Layer
Physical Layer
30
Database Encryption Types at Rest
HSM
TPM
SED
31
UEFI Features
Secure Boot
Remote Attestation
Hardware Root of Trust
32
Software Deployment Environments
Developer
Test
Staging
Production
33
Embedded Systems Benefits
Cost
Size
Manageability
34
ICS Types
SCADA
DCS
PLC
35
Define ICS
Industrial Control Systems
36
Define SCADA
Supervisory Control and Data Acquisition; remote monitoring, telemetry, and report back
37
Define DCS
Distributed Control Systems; process control
38
Define PLC
Programmable Logic Controller; specialized input/output for human interaction
39
Define IoT
Internet of Things; smart tech for general consumer goods
40
IoT Protection Methods
Firmware Updates
Security Wrappers
Segmentation
Air Gap
Application Firewalls
41
Define Air Gap
Networks with no external network connection
42
Development Methodologies
Waterfall
Spiral
Agile
43
Explain the Waterfall Model
Rigid, step-based process
44
Explain the Spiral Model
Phased approach; determine requirements and risks, then begin, develop, and test
45
Explain the Agile Model
Flexible approach for external input integration
46
Software Capability Maturity Model
Initial
Repeatable
Defined
Managed
Optimizing
47
IDEAL Model
Initializing
Diagnosing
Establishing
Action
Learning
48
Purpose of Code Repositories
Store code
Coordination
Version Control
Code Reuse
Avoid Dead Code
49
Code Signing Process
Obtain Digital Certificate
Assign key to code
OS verifies hash of code with CA
50
Software Testing Types
Stress test
UAT
Regression Testing
51
Define Software Stress Testing
Testing using automated scripts for multiple and/or simultaneous input validation
52
Define UAT
User Acceptance Testing, also referred to as "Beta testing"
53
Define Regression Testing
Correctional bug fixes | Checking for accidental changes
54
Fagan Inspection Steps
Planning
Overview
Preparation
Meeting
Rework
Follow Up
55
Define Static Software Testing
Examine code for common errors without executing it
56
Define Dynamic Software Testing
Execute code with provided inputs
57
Define Fuzzing
Expose security problems by providing invalid, unexpected, or random data inputs
58
Fuzzing Input Methods
Developer supplied
Script Generation
Mutation testing
59
Code Execution Types
Interpreted | Compiled
60
Define Interpreted Code
Code executed as written
61
Define Compiled Code
Code compiled into an executable file
62
Types of Hypervisors
Type 1; "Bare Metal" | Type 2; OS
63
Virtual Machine Security Concerns
VM Sprawl | VM Escape
64
Cloud Computing Models
Private
Public
Hybrid
65
Public Cloud Services
SaaS
IaaS
PaaS
66
SaaS Vendor Responsibilities
Applications
OS
Hardware
Data Center
67
PaaS Vendor Responsibilities
OS
Hardware
Data Center
68
IaaS Vendor Responsibilities
Hardware | Data Center
69
Cloud Security Concerns
Encryption | Access Controls
70
Define CASB
Cloud Access Security Broker
71
CASB Types
Network Based; intercept (Forward/Reverse Proxy) | API Based; monitor
72
Define VDI
Virtual Desktop Infrastructure
73
Facility Types
Data Centers
Server Rooms
Media Storage
Wiring Closets
Operation Centers
74
Ideal Data Center Temperatures
64.4-86 F
75
Ideal Data Center Dew Point
41.9-50.0 F (40-60% humidity)
76
Explain the purpose of Hot and Cold Aisles
Air flow: cold air is taken in at the server intakes and exhausted at the back end
77
Fire Necessary Ingredients
Heat
Fuel
Oxygen
78
Classes of Fire
A, B, C, D, K
79
A Fuel Type
Combustibles
80
B Fuel Type
Petroleum Based Products
81
C Fuel Type
Electrical
82
D Fuel Type
Metals
83
K Fuel Type
Grease, cooking oils
84
Installed Fire Fighting Equipment
Wet Pipe Systems
Dry Pipe Systems
Chemical Suppressants
85
Define EMI
Electromagnetic Interference
86
EMI Eavesdropping Prevention
Faraday Cage
Protective Distribution Systems (PDS)
Ethernet port locking devices
Encryption (may bog down infrastructure)
87
Security Control Types by Effect
Deterrent
Preventative
Detective
Corrective
88
Mobile Device Tracking Protections
Encryption | Asset Tracking
89
Cloud Elasticity Concerns
Confidentiality; sanitization of no longer used resources
90
Define MANET
Mobile Ad Hoc Network
91
Define API-based CASB
Application Programming Interface Cloud Access Security Broker; out-of-band solution which improves network performance but reduces CASB response time
92
Common Non-Regulatory RMFs
NIST
CIS Controls
COBIT
FedRAMP
COPPA
93
Common Regulatory RMFs
Basel III
PCI-DSS
HIPAA
FISMA
GLBA
94
Define Basel III and Industry of Concern
International Financial Institutions
95
Define PCI-DSS and Industry of Concern
Payment Card Industry Data Security Standard; Credit Cards
96
Define HIPAA and Industry of Concern
Health Insurance Portability and Accountability Act; healthcare PHI
97
Define FISMA and Industry of Concern
Federal Information Security Modernization Act; Government and Disaster Relief
98
Define GLBA and Industry of Concern
Gramm-Leach-Bliley Act; United States Financial Institutions
99
Define FedRAMP and Industry of Concern
Federal Risk and Authorization Management Program; Cloud services across executive departments and agencies
100
Define COPPA and Industry of Concern
Children's Online Privacy Protection Act; online privacy of children under 13 in the USA
101
Define CIS Controls and Industry of Concern
Center for Internet Security Controls; IoT security
102
Define NIST and Industry of Concern
National Institute of Standards and Technology; generic cyber security risk mitigation
103
Define COBIT and Industry of Concern
Control Objectives for Information and Related Technologies; business process related to technology and quality control of information
104
VM Escape Protection Methods
Regular Snapshots
Harden VM image (i.e. reduce attack surface)
Sandboxing
105
Key Management Best Practices
Encryption and decryption of data should be distributed
Use secure keys to encrypt data of any kind
Data encrypted using old keys should be kept as is
Use multiple encryption standards
106
Steps to De-provisioning a Resource
Warning
Remove access/permissions
Backup
De-provision
107
VM Sprawl Protection Methods
VM image library
VM life cycle management tools
Limit VM creation permissions
108
Purpose of Automated Security Tools
Configuration validation using generated reports. Do not create, configure, or publish.
109
Purpose of RAID
Improve performance | Data redundancy
110
Run Time Code Benefits
Flexible OS support | Flexible web browsers support
111
Compiled Code Benefits
Faster performance | More secure
112
Vehicle Vulnerabilities
Bluetooth | Firmware
113
Security Tasks which can be Automated
Monitor network for breaches
Take immediate action to overcome breaches
Update security policies on multiple servers
114
Network Cabling Types
UTP (shortest lengths and least resistant to EMI, $)
STP
Coaxial
Fiber Optic (longest lengths and most resistant to EMI, $$$)
115
Virtual Machine Network Modes
NAT
NAT Network
Bridged Adapter
Internal Network
Host-Only Network
116
Explain VM NAT Mode
VM can communicate with the internet via the host | Each guest has its own separate network
117
Explain VM NAT Network Mode
VM can communicate with the internet and with other VMs on the host network
118
Explain VM Bridged Adapter Mode
VM shares the host's network adapter and participates directly in the host's network. DHCP is controlled by the host's network.
119
Explain VM Internal Network Mode
VMs can only communicate with each other
120
Explain VM Host-only Network Mode
VMs can only communicate with host and each other
121
Define Shadow IT
IT Projects managed outside of or without the knowledge of the IT department
122
Explain purpose of Secure Boot
Protect system and data from unauthorized access
123
Define a Supply Chain Assessment
Assess vendors' hardware and software supply chains for availability and risks
124
Define Scaling Out
Purchasing more machines to distribute the load
125
Purpose of User Security Training
Awareness | Management support
126
Perimeter Security Controls
Fence
Cage
Firewall
Border Router
IDS
IPS
127
Securing a Public Kiosk Methods
Antivirus
Cable lock
System hardening
128
Define Structured Programming
Provide optimal control over coherence, security, accuracy, and comprehensibility during SDLC
129
NoSQL Database Security Concerns
No default authentication
No default access controls
Most do not use encryption at rest or in transit
*Less susceptible to SQL injection
130
HIDS/HIPS Dependencies
Host system auditing capabilities
131
Security Devices which Perform Stateful Inspections
IPS, IDS
132
Define a Padded Cell
Transfers an attacker into a simulated, safe environment where no critical data is stored
133
Hotfix Patching Procedure
Apply and test in lab environment
Deploy to a set of systems (i.e. a department)
Deploy system-wide
134
Patch Management Tools
WSUS | Group Policy
135
Define DriveLock
Encrypts entire hard drive
136
BitLocker Encryption Components
C:\ volume
Master boot record
*External media will remain unencrypted (i.e. thumb drives)
137
Define Van Eck Phreaking
Collection of electronic emissions for eavesdropping
138
Types of Firewalls
Stateless packet filtering
Stateful
Circuit-level (layer 5)
Application level (layer 7)
139
Firewall Filter Dependencies
IP address | Port number
140
Application Level Gateway Features
OSI Layer 7
Stops and inspects each packet
Inspects encrypted packets
Examines entire content
Interfaces with other application layer protocols
Can filter based on user, group, and data
Slowest form of firewall
141
VPN Protocols
L2TP (employs IPsec)
PPP (uses PAP)
PPTP (uses CHAP)
L2F
142
Purpose of Parabolic, High Gain Antennae
Connect networks between buildings wirelessly
143
Define 802.16
WiMAX; IEEE committee standard for metropolitan-area WAN
144
Define RAS
Remote Access Service; enables users to remotely dial in to a server
145
Virtualization Benefits
Server consolidation
Migrate systems between hardware
Increase utilization of hardware resources
Isolation of systems and applications
146
Disadvantages of Virtualization
Compromise of the host system or a hardware failure could affect multiple guest systems
147
VLAN Switch Benefits
Logical grouping of LANs
Simplify device moves
Control broadcast traffic and create collision domains based on logic
Control security
Load balance network traffic
148
VLAN Connection Methods
Routers | Layer 3 Switches
149
SDN Control Layer Function
Removes the individual control planes on networking devices and replaces them with a single control plane
150
Purpose of a Virtual Switch
Facilitates communication between virtual machines by checking data packets before moving them to their destination
151
Virtual Network Key Facts
VMs support an unlimited number of VLANs
Multiple VLANs can be associated with a single network adapter
VLAN support depends on host configuration, OS, and hardware
Network access depends on the OS as a part of the network
152
Cloud Storage Features
Distributed resources acting as one federated cooperative storage
High fault tolerance through redundancy and distribution of data
Highly durable through creation of versioned copies
153
Define a Reciprocal Agreement
Contract between two organizations to share resources in the event of a disaster