Pluralsight CCSP Domain 2 Flashcards

(53 cards)

1
Q

Data Protection Laws

A
  • GDPR - privacy
  • SOx - financial
  • GLBA - financial
  • HIPAA - health information
2
Q

Data Roles and Responsibilities
* Data Owner / Processor
* Custodian
* Subject
* User

A
  • Data Owner - ensures the data has the appropriate level of protection; known as the data controller in the cloud (the CSP or other party that handles the data on the owner's behalf is the data processor)
  • Custodian - has custody or possession of the data at a certain point in time (e.g. personnel who perform backups, or a user requesting data)
3
Q

IPS, On Prem Responsibility Zones (CSP or Consumer)

A
4
Q

Data Lifecycle: Use

A
  • User Training
  • Data hiding
    - Encryption
    - Masking
    - Obfuscation
    - Anonymization
  • DLP
  • DRM/IRM
5
Q

Qualities of Symmetric Encryption Algorithms

A
6
Q

Who holds the keys in SaaS? How can keys be transmitted? How are keys stored?

A
7
Q

Who holds the keys in PaaS? How can keys be transmitted? How are keys stored?

What is transparent encryption?

A
8
Q

Homomorphic Encryption

A

processing encrypted material without first decrypting it

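Worked example for card 8 (added here, not part of the Pluralsight deck): an additively homomorphic scheme (Paillier) in plain Python. The CSP-side function `encrypted_total` sums and scales ciphertexts it cannot read; only the key holder decrypts the result. The two Mersenne primes are fixed toy key material so the block runs offline; a real deployment uses randomly generated primes of 1024+ bits each and a vetted library.

```python
"""Paillier: processing encrypted material without first decrypting it.

Added example, not from the Pluralsight deck. Key material is constructed from
two publicly known Mersenne primes so the demo is small and deterministic;
real keys are far larger and randomly generated.
"""
from math import gcd
import secrets

# Constructed toy primes: 2^31-1 and 2^61-1 are known Mersenne primes.
P = 2**31 - 1
Q = 2**61 - 1


def lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p=P, q=Q):
    """Return (public n, private (lambda, mu)); generator g is fixed to n+1."""
    n = p * q
    assert gcd(n, (p - 1) * (q - 1)) == 1, "Paillier requires gcd(n, phi(n)) == 1"
    lam = lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)        # with g = n+1, mu is simply lambda^-1 mod n
    return n, (lam, mu)


def encrypt(n, m):
    """c = (n+1)^m * r^n mod n^2 with a fresh random r coprime to n."""
    assert 0 <= m < n
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return (pow(n + 1, m, n2) * pow(r, n, n2)) % n2


def decrypt(n, priv, c):
    """m = L(c^lambda mod n^2) * mu mod n, where L(u) = (u-1)/n."""
    lam, mu = priv
    n2 = n * n
    u = pow(c, lam, n2)
    return (((u - 1) // n) * mu) % n


def add_encrypted(n, c1, c2):
    """E(m1) * E(m2) mod n^2 = E(m1 + m2): addition without decrypting."""
    return (c1 * c2) % (n * n)


def scale_encrypted(n, c, k):
    """E(m)^k mod n^2 = E(k * m): multiply by a plaintext constant."""
    return pow(c, k, n * n)


def encrypted_total(values, weights=None):
    """Weighted sum computed entirely on ciphertexts, then decrypted by the key owner.

    Models a CSP aggregating encrypted records it cannot read.
    """
    n, priv = keygen()
    weights = weights or [1] * len(values)
    acc = encrypt(n, 0)
    for v, w in zip(values, weights):
        acc = add_encrypted(n, acc, scale_encrypted(n, encrypt(n, v), w))
    return decrypt(n, priv, acc)
```

Paillier is only additively homomorphic (sums and scalar multiples); fully homomorphic schemes that also multiply two ciphertexts exist but are far slower. Note that the same plaintext encrypts to a different ciphertext each time because of the random `r`, which is what stops an observer from matching records by ciphertext equality.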
9
Q

Who holds the keys in IaaS? How can keys be transmitted? How are keys stored?

A
10
Q

Key Management
* Escrow
* Split Knowledge / Multi-Party
-Dual Control
* Hardware Security Module (HSM)
* Outsourced Key Management
-PKI
-CASB

A
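Worked example for the "Split Knowledge / Multi-Party" item in card 10 (added here, not part of the Pluralsight deck): a key-encrypting key split into n shares with Shamir secret sharing, so any k custodians can reconstruct it and fewer than k learn nothing about it. This is the mechanism behind key ceremonies where several officers each hold one share of an HSM or escrow master key. Arithmetic is over GF(p) with p = 2^521 - 1 (a known Mersenne prime, large enough to hold a 256-bit key); the master key value is constructed.

```python
"""Split knowledge via Shamir secret sharing over GF(2^521 - 1).

Added example, not from the Pluralsight deck. The master key below is a
constructed 256-bit value; the 3-of-5 ceremony is illustrative.
"""
import secrets

P = 2**521 - 1   # known Mersenne prime; order of the field the shares live in


def _eval_poly(coeffs, x):
    """Evaluate a_0 + a_1 x + ... + a_{k-1} x^{k-1} mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret_bytes, k, n):
    """Return n shares (x, y) such that any k of them reconstruct the secret.

    The secret is the constant term of a random degree k-1 polynomial; with
    fewer than k points every secret value is equally consistent, so k-1
    custodians learn nothing.
    """
    secret = int.from_bytes(secret_bytes, "big")
    assert 0 < k <= n and secret < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def combine(shares):
    """Lagrange interpolation at x = 0 over GF(P); returns the secret as an int."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def ceremony_demo():
    """Constructed 3-of-5 ceremony: five key officers, any three can recover the KEK.

    Returns (recovered_with_three_ok, recovered_with_two_ok).
    """
    master_key = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed
    shares = split(master_key, k=3, n=5)
    three = combine([shares[0], shares[2], shares[4]])
    two = combine([shares[0], shares[2]])          # below threshold: garbage
    expected = int.from_bytes(master_key, "big")
    return three == expected, two == expected
```

Dual control is the operational counterpart: the ceremony procedure requires the shares to be entered by different people, and the reconstructed key should exist only inside the HSM, never on a general-purpose host.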
11
Q

Asymmetric Encryption
* What is it used for?
* Is it fast or slow?

A
12
Q

What part of CIA triad does hashing protect?
Define Hashing

A
13
Q

Hashing Benefits

A
14
Q

Masking and Obfuscation

A
15
Q

Anonymization

A
16
Q

Who is responsible for masking and anonymization in the cloud for IaaS, PaaS, and SaaS?

A
17
Q

Tokenization

A
18
Q

All control typically resides with CSP in SaaS except for what?

A
19
Q

Chain of Custody

A

Unbroken record of all activities associated with evidence from the time it is recognized as evidence until it is submitted to court; clear documentation must record which people had access to the evidence, where it was stored, what access controls were placed on it, and what modifications were performed.

This is difficult in the cloud, because the provider controls the physical hosts and much of the tooling used to collect the data. Chain of custody supports non-repudiation: no one who handled the evidence can deny having done so.

Important to have defined procedures and NDAs.

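Worked example for card 19 (added here, not part of the Pluralsight deck), which also illustrates the integrity use of hashing asked about in cards 12 and 13: a chain-of-custody log in which every entry records the evidence digest, who handled it, where it was, and the hash of the previous entry. Editing or reordering an entry, or altering the evidence image, breaks verification. The evidence bytes, handler names and timestamps are constructed. This gives tamper evidence only; for the non-repudiation the card mentions, each entry would additionally be signed with the handler's private key and the log kept on write-once storage.

```python
"""Hash-linked chain-of-custody log (added example, not from the deck).

Evidence bytes and custody events are constructed for the demo.
"""
import hashlib
import json
from datetime import datetime, timezone

# Constructed stand-in for an acquired disk image or exported log bundle.
EVIDENCE = b"constructed evidence image bytes: vm-disk-0042.raw"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def canonical(entry):
    """Stable JSON encoding so an entry's hash is reproducible."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def append_event(log, evidence, handler, action, location, when=None):
    """Record one custody event, linked to the previous entry by its hash."""
    prev_hash = log[-1]["entry_hash"] if log else "0" * 64
    entry = {
        "seq": len(log),
        "time": when or datetime.now(timezone.utc).isoformat(),
        "handler": handler,
        "action": action,
        "location": location,
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": prev_hash,
    }
    entry["entry_hash"] = sha256_hex(canonical(entry))
    log.append(entry)
    return entry


def verify(log, evidence):
    """Return (ok, reason): detects edited or reordered entries and altered evidence."""
    expected_prev = "0" * 64
    current = sha256_hex(evidence)
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["seq"] != i:
            return False, f"entry {i}: sequence gap or reordering"
        if entry["prev_hash"] != expected_prev:
            return False, f"entry {i}: broken link to previous entry"
        if sha256_hex(canonical(body)) != entry["entry_hash"]:
            return False, f"entry {i}: entry contents altered"
        if entry["evidence_sha256"] != current:
            return False, f"entry {i}: evidence digest does not match current evidence"
        expected_prev = entry["entry_hash"]
    return True, "chain intact"


def build_demo_log(evidence=EVIDENCE):
    """Constructed custody trail: acquisition, transfer to storage, analyst checkout."""
    log = []
    append_event(log, evidence, "j.doe (IR)", "acquired image from CSP export",
                 "IR laptop, case locker", "2024-03-01T09:14:00+00:00")
    append_event(log, evidence, "j.doe (IR)", "transferred to evidence store",
                 "evidence bucket, WORM lock", "2024-03-01T11:02:00+00:00")
    append_event(log, evidence, "a.lee (forensics)", "checked out read-only copy",
                 "forensic workstation 3", "2024-03-02T08:30:00+00:00")
    return log
```

Hash the evidence at acquisition and again at every hand-off; a mismatch at any step tells you exactly which custodian's window the alteration happened in.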
20
Q

Capabilities of Virtualization

A
21
Q
  • Type 1 Hypervisor
  • Traditional OS vs Type 1 Hypervisor (image)
A
  • Modern Hardware Hypervisor
  • Bare-metal, embedded, or native
  • Work directly on hardware/host
  • Small form factor, a few hundred megabytes
  • Type 1 attacks are restricted to the hypervisor and the machine
22
Q

Type 2 Hypervisor

A
  • OS or Hosted Application Hypervisor
  • Software Hypervisor
  • Attackers prefer Type 2 because of the larger attack surface: they can attack the hypervisor itself, the host OS beneath it, and the machine directly
23
Q

Virtualization Attacks

A
  • Guest Escape - a poorly configured or designed VM or hypervisor allows a user to leave their virtualized instance; this lets them access other VMs on the same host or attack the host itself
  • Host Escape - a user can leave their own virtualized instance and then leave the host machine, accessing other devices on the network
  • Information Bleed or side-channel/covert channel attack - processing performed on one VM may be detected by other instances on the same host; this does not have to involve the raw data itself, but may be indicative of the processing occurring (e.g. detecting that a certain operation is being performed and how long it lasts); attackers can use this to narrow down the list of attacks to try
  • Data Seizure - legal activity might result in a host machine being confiscated or inspected by law enforcement; the host machine might include virtualized instances belonging to your organization even though your organization was not the target
24
Q

Responsibility Zones - On prem, IaaS, PaaS, SaaS

25
Data Lifecycle * Protecting data when in use
26
Protecting data when stored
27
Data Classification Procedure
28
Examples of Structured Data and Unstructured Data
29
Example of semi-structured data
30
Bit splitting
31
Erasure Coding aka FEC (Forward Error Correction)
32
Types of Data Storage
33
Volume aka ___ / Object aka ___
  • Volume aka Block / Raw disk storage
  • Object aka File storage
34
Clustered Storage and Coupling
Storage devices clustered in groups provide increased performance, flexibility, and reliability.
  1. Tightly coupled - storage devices are directly connected to a shared physical backplane; each node is aware of the others and runs the same policies and rule sets; more restrictive; performance scales well, giving greater and greater power as the cluster grows
  2. Loosely coupled - greater flexibility; nodes are logically connected, do not share a proximate physical framework, and may be distantly connected through communication media; performance does not scale with cluster size
35
Volume / Block / Raw Disk Storage
36
File Storage
37
Object Storage
38
Object Storage Benefits
39
Threats to Data (in storage, and transmission)
  • Storage - alteration, disclosure, and loss
  • Transmission - MiTM
40
Data protection
  • VPN
  • TLS
  • IPsec
  • WPA3
  • Replication
  • Encryption
  • Hashing
  • Access controls
41
DLP identifies sensitive data based on:
  • Labels
  • Keywords
  • Strings
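Worked example for card 41, which also covers the masking item under data hiding in card 4 (added here, not part of the Pluralsight deck): a small DLP content-inspection pass that fires on the three signals the card lists (classification labels, keywords, and string patterns), then masks what it found before the message leaves the boundary. A Luhn check on digit runs cuts false positives on card-like numbers, and the masking keeps only the last four digits so the output stays usable. The sample messages, label set and keyword list are constructed.

```python
"""DLP detection by label, keyword and string pattern, followed by masking.

Added example, not from the Pluralsight deck. Sample messages and the
label/keyword dictionaries are constructed for the demo.
"""
import re

# Constructed outbound messages (e.g. e-mail bodies or chat posts).
SAMPLES = [
    "[CONFIDENTIAL] Q3 forecast attached, do not forward.",
    "Customer called about card 4111 1111 1111 1111, expires 09/27.",
    "Lunch order: 1234 5678 9012 3456 is just my locker code, not a card.",
    "Patient record: SSN 123-45-6789 ; diagnosis in attachment.",
    "Reminder: team offsite next Friday.",
]

LABELS = {"[CONFIDENTIAL]", "[RESTRICTED]", "[INTERNAL ONLY]"}
KEYWORDS = {"ssn", "patient record", "diagnosis", "do not forward"}
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,18}\d\b")   # 14-19 digit card-like strings
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text):
    """Return the set of DLP signals ('label', 'keyword', 'pan', 'ssn') that fired."""
    hits = set()
    if any(label in text for label in LABELS):
        hits.add("label")
    lowered = text.lower()
    if any(k in lowered for k in KEYWORDS):
        hits.add("keyword")
    for m in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.add("pan")
    if SSN_RE.search(text):
        hits.add("ssn")
    return hits


def _mask_pan(match):
    digits = re.sub(r"\D", "", match.group())
    if not luhn_ok(digits):
        return match.group()                      # not a card number; leave it alone
    return "*" * (len(digits) - 4) + digits[-4:]  # keep last four, as receipts do


def mask(text):
    """Masking: hide the sensitive values while preserving the message structure."""
    text = PAN_RE.sub(_mask_pan, text)
    text = SSN_RE.sub(lambda m: "***-**-" + m.group()[-4:], text)
    return text


def inspect(messages=SAMPLES):
    """Run detection and masking over all messages; returns (signals, masked) per message."""
    return [(classify(m), mask(m)) for m in messages]
```

Label and keyword matching are cheap but only as good as the dictionaries; pattern matching with a validity check (Luhn here) is what lets a DLP rule block the real card number in message two while leaving the locker code in message three untouched.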
42
DRM/IRM
43
Encryption Benefits
44
Bastion Host
method for remote access to a secure environment; an extremely hardened, single-purpose device that exposes only one application and is reachable from the public internet
45
Federated identity management
manage identities across multiple organizations; i.e. SSO
47
Shares in the cloud
if there are not enough resources, the CSP must prioritize which systems will receive the limited resources available
48
examples of internal and external redundancy
  • Internal - PDUs, power feeds to rack, cooling units, networking, storage units, physical access points
  • External - power feeds, power substations, generators, network circuits, building access points, and cooling infrastructure
49
due care vs due diligence
  • Due care - ensure policies and procedures are in place
  • Due diligence - follow up to make sure that those policies and procedures are being implemented
50
GLBA vs SOX
SOX protects financial information of public companies, and GLBA protects the financial data of customers
51
Cryptography vs Encryption
Cryptography is the science of protecting messages with secret codes and keys; it is the study of methods for keeping a message secret or verifiable between two parties (symmetric and asymmetric keys, hashing, signatures). Encryption is one operation within cryptography: the process of transforming plaintext into ciphertext with a key, with decryption reversing it.
52
Optical disks vs SSD
optical disks are better for long-term storage because they withstand environmental factors better, even though they are slower and have less capacity
53
Data mapping
determining how data moves and the kind of protection needed at each stage