Sec + 5

Question 2

Responsibility matrix

Answer 2

Outline of shared responsibility between clients and cloud provider

Question 3

IaC benefits

Answer 3

Efficiency
Consistency and reproducibility
Easy version control
Many providers and tools

Question 4

What is BaaS?

Answer 4

Backend as a service. Server less computing where backend services such as databases, authentication, and file storage are provided by CSP as well.

Question 5

Microservices benefits.

Answer 5

Agility
Scalability
Faster development
Easy maintenance
Improved fault tolerance
Decomposition
Independence

Question 6

Layer 7 essential security devices

Answer 6

WAF (web application firewall)
NIPS

Question 7

Layer 4 essential security device

Answer 7

Load balancer

Question 8

Layer 3 essential security devices

Answer 8

Router/subnets
Layer 3 switch for vlans and subnets

Question 9

Layer 2 essential security device

Answer 9

Switch/LAN
WAP

Question 10

How are virtual networks created?

Answer 10

Software on a switch

Question 11

What is a thin client?

Answer 11

Device where only mouse clicks and keyboard inputs are exchanged with VDI

Question 12

What is SCADA?

Answer 12

Supervisory control and data acquisition. Sophisticated industrial control system (ICS)

Question 13

What is a RTOS?

Answer 13

Real-time operating system. OS where exact timing is essential like navigation systems or light control

Question 14

Infrastructure considerations.

Answer 14

Availability
Resilience
Cost
Responsiveness
Scalability
Ease of deployment
Risk transference
Ease of recovery
Patch availability
Power
Compute

Question 15

What is a sensor?

Answer 15

It detects and analyzes unusual network behavior. Used by IDSs

Question 16

What is SASE?

Answer 16

Security access Service edge. Cloud based it model that consolidates networking and security functions into a single service.

Question 17

What type of data is a NDA?

Answer 17

Trade secret.

Question 18

What is a failover?

Answer 18

Seamless switch to the backup

Question 19

What is puppet forge?

Answer 19

Versitle agnostic platform of pre-built modules and configs to set up a secure baseline across a range of systems

Question 20

What is tethering?

Answer 20

Basically hot spots

Question 21

What is a shared secret?

Answer 21

Shared kerberos password used by RADIUS

Question 22

What is WPA2 CCMP used for?

Answer 22

WPA2

Question 23

What is secure erase?

Answer 23

Issued to storage media. Triggers process of permanent data removal

Question 24

What is CVE?

Answer 24

Common vulnerabilities and exposures list

Question 25

What is the CISA?

Answer 25

Cybersrcurity and infrastructure security agency. Threat feeds from govt.

Question 26

What is structured threat information expression (STIX)?

Answer 26

Standard language and format for representing threat info. By MITRE

Question 27

What is TAXII?

Answer 27

Companion to STIX to automatically exchange threat info

Question 28

What is TTP'S?

Answer 28

Tactics, techniques, and procedures

Question 29

What is SNMP?

Answer 29

Simple network monitoring protocol. Monitors network devices Uses agents to monitor Managers to control agents Traps to send info on threats Uses MI, management information base, databases for SNMP

Question 30

What is anomaly/heuristic detection?

Answer 30

Look at behaviors and deviations and not only signatures

Question 31

Os hardening

Answer 31

Updates User access control UAC Minimize attack surfaces Strong authentication Principal of least privilege Firewall Encryption Logs Patches Educate users Back ups Disaster recovery plan

Question 32

What should go on port 22?

Answer 32

Ssh Scp-secured copy protocol to unix/linux Sftp-secure file transfer protocol

Question 33

What should go on port 53?

Answer 33

Dns

Question 34

What should go on port 162?

Answer 34

Simple network management protocol 3.

Question 35

What should go on port 443?

Answer 35

Https