SecPlusP2 Flashcards

(342 cards)

1
Q

What is a challenge for multinational companies and cloud services regarding data sovereignty laws?

A

Complying with the requirement of data storage and processing within national borders

2
Q

What access restrictions might cloud services impose due to data sovereignty laws?

A

Restricting access from multiple geographic locations

3
Q

Why do data sovereignty and geographical considerations pose complex challenges?

A

They conflict with the global nature of multinational companies and cloud services

4
Q

What is geofencing?

A

Virtual boundaries to restrict data access based on location

5
Q

Why is geofencing important for data security?

A

Compliance with data sovereignty laws, prevent unauthorized access from high-risk locations

6
Q

What does encryption protect?

A

Data at rest and in transit

7
Q

What is needed to recover encrypted data?

A

Decryption key

8
Q

What is masking?

A

Replace some or all data with placeholders

9
Q

What is tokenization?

A

Replace sensitive data with non-sensitive tokens

10
Q

What is obfuscation?

A

Make data unclear or unintelligible

11
Q

What is hashing commonly used for?

A

Password storage

12
Q

What is the purpose of hashing?

A

Irreversible one-way function

13
Q

What is the purpose of masking?

A

Partially retains metadata for analysis

14
Q

What is the purpose of tokenization?

A

Credit card protection

15
Q

What is the purpose of obfuscation?

A

Irreversible de-identification method

16
Q

What are some techniques used to hinder unauthorized understanding?

A

Encryption, masking, pseudonyms

17
Q

How does segmentation help in network security?

A

Divides network into separate segments with unique security controls

18
Q

What is the goal of Data Loss Prevention (DLP) systems?

A

To detect and prevent data theft

19
Q

What are the three types of DLP systems?

A

Endpoint DLP, Network DLP, Storage DLP

20
Q

What does a DLP system inspect?

A

Data at rest

21
Q

What type of data does a DLP system inspect?

A

Encrypted or watermarked data

22
Q

What does a DLP system monitor?

A

Data access patterns

23
Q

What happens if a policy violation is detected?

A

It is flagged

24
Q

What type of solution is a cloud-based DLP system?

A

Software-as-a-service

25
What does a cloud-based DLP system protect?
Data stored in cloud services
26
What are the three data states?
Data at rest, data in transit, data in use
27
What does an algorithm do in cryptography?
Performs encryption or decryption
28
What is the advantage of key rotation?
Best practice for security longevity
29
What type of encryption uses the same key for encryption and decryption?
Symmetric encryption
30
What type of encryption uses a pair of keys for encryption and decryption?
Asymmetric encryption
31
Name two symmetric algorithms.
DES, AES
32
Name two asymmetric algorithms.
Diffie-Hellman, RSA
33
What does hashing do?
Converts data into fixed-size string (digest) using hash functions
34
What are some examples of encryption algorithms?
MD5, SHA Family, RIPEMD, HMAC
35
What is Public Key Infrastructure (PKI)?
Framework managing digital keys and certificates for secure data transfer
36
What are digital certificates?
Electronic credentials verifying entity identity for secure communications
37
What is blockchain?
Decentralized, immutable ledger ensuring data integrity and transparency
38
What are some examples of encryption tools?
TPM, HSM, Key Management Systems, Secure Enclave
39
What are some types of cryptographic attacks?
Downgrade Attacks, Collision Attacks, Quantum Computing Threats
40
What is symmetric encryption?
Uses a single key for both encryption and decryption
41
What is asymmetric encryption?
Uses two separate keys: public key for encryption and private key for decryption
42
What is the hybrid approach to encryption?
Combines both symmetric and asymmetric encryption for optimal benefits
43
What is a stream cipher?
Encrypts data bit-by-bit or byte-by-byte in a continuous stream
44
What are the challenges with key distribution in symmetric encryption?
Requires both sender and receiver to share the same secret key
45
What are the commonly used algorithms for asymmetric encryption?
Diffie-Hellman, RSA, and Elliptic Curve Cryptography (ECC)
46
What are the advantages of using a block cipher?
Ease of implementation and security
47
What is the key size used in DES?
64-bit (56 effective bits due to parity)
48
What types of data streams are suitable for block ciphers?
Real-time communication data streams like audio and video
49
What is the encryption algorithm that encrypts data in 64-bit blocks through 16 rounds of transposition and substitution?
DES
50
What is the encryption algorithm that utilizes three 56-bit keys and provides 112-bit key strength?
Triple DES (3DES)
51
What is the encryption algorithm that uses a 128-bit key and is faster and more secure than DES?
IDEA (International Data Encryption Algorithm)
52
What is the block size of IDEA?
64-bit
53
What is AES?
US government encryption standard
54
What are the key sizes supported by AES?
128-bit, 192-bit, or 256-bit
55
What is Blowfish?
DES replacement with limited adoption
56
What are the key sizes supported by Twofish?
128, 192, or 256 bits
57
What is the RC Cipher Suite?
Cipher suite created by Ron Rivest
58
What are the key sizes supported by RC4?
40 to 2048 bits
59
What is the classification of the mentioned algorithms?
Symmetric block ciphers except for RC4 which is a stream cipher
60
What is public key cryptography?
No shared secret key required
61
What is the purpose of a key pair in encryption?
Public key for encryption and private key for decryption
62
What does the public key in encryption provide?
Confidentiality
63
What does the private key in encryption provide?
Non-repudiation
64
What are the roles of the private key and public key in encryption?
Private key encrypts, public key decrypts
65
What is the purpose of a digital signature?
Integrity and authentication
66
What is a hash digest?
Encrypted message with sender's private key
67
How is the message encrypted in asymmetric cryptography?
With the receiver's public key
68
What does asymmetric cryptography ensure?
Message integrity, non-repudiation, and confidentiality
69
What is the Diffie-Hellman algorithm used for?
Key exchange and secure key distribution
70
What are the vulnerabilities of Diffie-Hellman?
Man-in-the-middle attacks, requires authentication
71
What is RSA used for?
Key exchange, encryption, and digital signatures
72
What is the reliance of RSA encryption?
Factoring large prime numbers
73
What are the key sizes supported by RSA encryption?
1024 to 4096 bits
74
What is the cryptographic algorithm widely used in organizations and multi-factor authentication?
RSA
75
What algebraic structure does ECC use?
Elliptical curves
76
Where is ECC commonly used?
Mobile devices and low-power computing
77
How does ECC compare to RSA in terms of efficiency for equivalent security?
Six times more efficient
78
What are the variants of ECC?
ECDH, ECDHE
79
What is ECDSA?
Elliptic Curve Digital Signature Algorithm
80
What are common hashing algorithms?
MD5 (Message Digest Algorithm 5)
81
What is SHA-1?
Produces a 160-bit hash digest, less prone to collisions than MD5
82
What does SHA-2 offer?
Longer hash digests (SHA-224, SHA-256, SHA-384, SHA-512)
83
What is SHA-3?
Uses 224-bit to 512-bit hash digests, more secure, 120 rounds of computations
84
What is RIPEMD?
Competitor to SHA, available in 160-bit, 256-bit, and 320-bit versions
85
What is HMAC?
Hash-based Message Authentication Code
86
What are common digital signature algorithms?
DSA
87
How does a digital signature ensure non-repudiation?
Encrypts the hash with the sender's private key
88
What is the purpose of a 160-bit message digest?
Verify data integrity
89
What is a common hashing attack known as?
Pass the Hash Attack
90
How can pass the hash attacks be prevented?
Trusted OS, proper Windows domain trusts, patching, multi-factor authentication, least privilege
91
What is a hub/control system?
Central component connecting IoT devices
92
What are smart devices?
Everyday objects with computing and internet capabilities
93
What are wearables?
Smart devices worn on the body
94
What do sensors do in IoT?
Detect changes and convert them into data
95
What are the risks associated with IoT?
Weak Default Settings, Poorly Configured Network Services
96
Why are weak default settings a common security risk in IoT?
Default usernames/passwords are easy targets for hackers
97
What can be done to mitigate the risk of weak default settings in IoT?
Changing defaults upon installation is essential
98
What are the risks of poorly configured network services in IoT?
Open ports and unencrypted communications can expose vulnerabilities
99
How can the attack surface of IoT devices be minimized?
Keeping IoT devices on a separate network is recommended
100
What is DLL?
Library
101
What is the name of the software that collects code and data that can be used simultaneously to allow for reuse and modularization?
software 62
102
What happens when two different messages result in the same hash digest?
Birthday Attack
103
What does longer hash output do to reduce collisions and mitigate the attack?
SHA-256)
104
How many replay attacks does DionTraining.com have?
92
105
What are Study Notes?
CompTIA Security+ (SY0-701)
106
Where are PKI Components used?
HTTPS connections
107
What is a random shared secret key generated for?
symmetric encryption
108
What type of encryption does the shared secret use to create a secure tunnel?
AES
109
What is the purpose of establishing a website via HTTPS?
Secure Connection
110
What is the private key used to verify the web server's identity?
93
111
What is the name of a shared secret?
Authentication
112
What standard does CompTIA Security+ use?
X.509 Standard
113
Where is the X.509 Standard used for digital certificates?
PKI
114
What does the X.509 Standard contain?
Contains owner's/user's information and certificate authority details
115
What is the name of the digital certificate that is signed by the same entity whose identity it certifies?
Third-Party Certificates 95
116
What does CompTIA Security+ refer to?
Preferred for public-facing websites
117
What is the name of the study Notes Digital certificate issued and signed by trusted certificate authorities?
CompTIA Security+ (SY0-701)
118
What are Verisign, Google, etc?
Trusted third-party providers
119
What does CompTIA Security+ offer transparency, efficiency, and trust in the digital era?
Encryption Tools
120
What does CompTIA Security+ offer in the digital era?
Transparency, efficiency, and trust
121
What is the name of a hardware-level security tool?
Dedicated microcontroller
122
What is an Encryption Tools for Data Security?
TPM
123
How many devices are protected from unauthorized access?
100
124
What technique is used to prevent the suspicion that there’s any hidden data at all?
encryption
125
What is Data Obfuscation?
Data Masking
126
In what environments is data authenticated and usable?
testing environments
127
What does Assess and prioritize risks based on likelihood and impact?
Qualitative Risk Analysis
128
What does Numerically estimate probability and potential impact?
Quantitative Risk Analysis
129
What does Quantitative Risk Analysis mean?
Numerically estimate probability and potential impact
130
What are the Crucial Steps Continuous tracking and regular reporting Long-Term Impact Significant for the effectiveness of the risk management process
Risk Monitoring and Reporting
131
What is significant for the effectiveness of the risk management process?
Long-Term Impact
132
What is the term for Risk Assessment Frequency?
Regularity
133
What is regularity with which risk assessments are conducted within an organization?
Risk Assessment Frequency
134
What are the four main types of risk assessment frequencies?
Ad-Hoc Risk Assessments
135
What is a crucial first step in risk management?
Risk Identification
136
Risks can vary from financial and operational to what?
strategic and reputational
137
What is the ARO?
Annualized Rate of Occurrence
138
What is EF?
Exposure Factor
139
What are four primary risk management strategies?
Common methods
140
What is one of the four primary risk management strategies?
Risk Transference
141
What does one party agree to cover the other's harm, liability, or loss resulting from the contract?
Doesn’t remove the risk
142
What is the responsibility for handling the risk’s financial consequences?
risk Acceptance
143
What are routers and switches composed of?
components from various suppliers
144
What does CompTIA Security+ (SY0-701) ensure secure manufacturing?
Trusted foundry programs
145
Devices may contain what?
malware or vulnerabilities
146
What is 118 https://www.DionTraining.com/?
Assess cybersecurity protocols
147
What is Study Notes?
CompTIA Security+ (SY0-701)
148
Collaborating with organizations and industry groups for what?
Joint defense
149
What is the purpose of incorporating contractual safeguards in contracts with suppliers or service providers?
Vendor Assessment
150
What is the process to evaluate the security, reliability, and performance of external entities?
Vendor Assessments
151
Why is it crucial to have a significant impact on multiple businesses?
interconnectivity
152
What is the name of the entity in the Vendor Assessment?
Entities in Vendor Assessment
153
What does MSPs do on behalf of organizations?
Manage IT services
154
What does the validation of supplier's cyber?
security practices
155
What does Penetration Testing Validate?
cybersecurity practices
156
What does the right-to-audit clause allow organizations to evaluate vendor's internal processes?
Compliance
157
What is a neutral perspective of external audits?
adherence to security or performance standards
158
What is the purpose of ensuring integrity of the vendor's entire supply chain?
Vendor Selection and Monitoring
159
What does Supply Chain Analysis Assessment of an entire vendor supply chain for?
security and reliability
160
What does the evaluation of a team member include?
Financial stability
161
What do on-the-ground practices ensure?
cultural alignment
162
What could bias the selection process?
conflicts of interest
163
What do Vendor Questionnaires do?
Ensure productive and compliant interactions
164
What is the mechanism used to ensure that the chosen vendor still aligns with organizational needs and standards?
Vendor Monitoring
165
What is the name of the agreement that provides in-depth project-related information?
Non-Disclosure Agreement
166
What does DionTraining define ownership of?
Intellectual Property and revenue distribution
167
What is the name of the organization that identifies, assess, and manages potential risks?
Strategic Alignment
168
What is a mechanism for measuring and monitoring the performance of IT processes?
Performance Measurement
169
What is Adherence to laws, regulations, standards, and policies?
Compliance
170
What does non-compliance lead to penalties?
Trust and Reputation
171
What leads to penalties?
Non-compliance
172
What does compliance enhance reputation and foster trust?
Data Protection
173
What type of disasters are there?
disasters or disruptions
174
What are the key elements of organizational structure?
External entities influencing governance
175
What is the SDLC?
Software Development Lifecycle
176
What is the name of the information security policies that cover a range of areas?
Physical Security
177
What is the purpose of ensuring confidentiality, integrity, and availability of data?
Business Continuity Policy
178
What are strategies for?
power outages, hardware failures, and disasters
179
How many websites do Disaster Recovery Policy Addresses detection, reporting, assessment, response, and learning from?
129
180
What does CompTIA Security+ do during incidents?
Minimizes damage and downtime
181
What is the SDLC policy?
Software Development Lifecycle
182
What is the name of the standard for password hashing and salting for security?
Access Control Standards
183
How many Role Based Access Control models are there?
130
184
What type of access control model does DAC include?
Discretionary Access Control
185
What is RBAC?
Role Based Access Control
186
What do physical security standards address?
Environmental controls and secure areas for sensitive information
187
What does the systematic sequences of actions or steps taken to achieve a specific outcome in an organization do?
Ensures consistency, efficiency, and compliance with standards
188
What is the post-change review?
131
189
What are some of the tasks Offboarding manages when an employee leaves?
property retrieval, access disabling, and exit interviews
190
What is the name of a playbook that provides step-by-step instructions for consistent and efficient execution?
Detailed guides
191
What are organizations required to comply with different regulations?
Regulatory Considerations
192
How many Employment laws address minimum wage, overtime, safety, discrimination?
132
193
What can non-adoption lead to?
Competitive disadvantages and stakeholder criticism
194
What is a major challenge for navigating conflict of laws between jurisdictions?
Compliance
195
What is included in 133 https://www.DionTraining.com?
compliance reporting and compliance monitoring
196
What is included in compliance monitoring 133 https://www.DionTraining.com?
compliance reporting
197
What is the name of the two Types of Compliance Reporting?
Internal Compliance Reporting
198
What is the purpose of Compliance Reporting?
Systematic process of collecting and presenting data
199
What does an internal audit team conduct?
External Compliance Reporting
200
Ensures adherence to what?
internal policies and procedures
201
Who is responsible for ensuring compliance to internal policies and procedures?
internal audit team or compliance department
202
What type of monitoring does Compliance Monitoring include?
internal and external monitoring
203
What does Compliance Monitoring include?
due diligence and due care
204
What risks are identified through thorough review Due Care Mitigating identified risks Attestation and Acknowledgement At
Compliance
205
What is essential to avoid severe consequences?
Compliance in IT
206
What is the purpose of ensuring purchase alignment with company goals Validates budget allocation Assesses security and compatibility with existing infrastructure
Internal Approval Process
207
What is the name of the asset that is integrated into the existing workflow?
Mobile Asset Deployments
208
What is the post-Approval Procurement?
Product compatibility assessment
209
How many Main Mobile Device Deployment Models are there?
three
210
What is the name of the company that provides devices for employees?
CYOD
211
What do employees select devices from?
Employees select devices from a company-approved list
212
How many people are in your organization?
140
213
What are the specific needs of your organization?
Budget constraints
214
What provides a balance between flexibility and control?
CYOD
215
What is a systematic approach to governing and maximizing the value of items an entity is responsible for throughout the asset’s life cycle?
Tangible Assets
216
What approach to maximizing the value of items an entity is responsible for throughout the asset’s life cycle?
Systematic approach
217
What does the process of the allocation or assignment of ownership avoid?
ambiguity
218
What criteria should Classification and Categorization be based on?
Function and value
219
High value assets may require what?
stringent maintenance schedules
220
What can low value assets be considered for?
recycling or disposal
221
What is SY0-701?
CompTIA Security+
222
What is the name of an inventory that maintains an inventory with specifications, location, and assigned users?
Asset Tracking
223
What approach does Enumeration help maintain an accurate inventory?
Proactive approach
224
What is MDM?
Mobile Device Management
225
What is the purpose of removing outdated assets?
Asset Disposal and Decommissioning
226
What is the name of the need to manage the disposal of outdated assets?
Necessity to manage the disposal of outdated assets
227
What is the NIST Special Publication 800-88?
Guidelines for Media Sanitization
228
When is the NIST Special Publication?
800-88
229
What method is used to make data inaccessible and irretrievable from storage medium?
Overwriting
230
How often is it used to reduce the chance of the original data being recovered?
Repeated several times
231
What is a machine called to produce a strong magnetic field that can disrupt magnetic domains on storage devices?
a degausser
232
What is a permanent erasure of data but makes the device unusable?
unreadable and irretrievable
233
What is the purpose of a new tool?
Verifying the Change
234
What do Stakeholder interviews Address discrepancies or issues to refine and optimize the process Documenting the Change Maintain historical
Reflect on past initiatives and improve change management practices
235
How many websites does DionTraining.com have?
148
236
What does CompTIA Security+ have?
Technical Implications of Changes
237
How many times can restart critical services cause data loss?
149
238
What is an example of a backlog?
CompTIA Security+ (SY0-701)
239
What is the name of the document that prevents cascading effects, outages, or disruptions in various parts of your network?
Documenting Changes
240
What create dependencies?
Interconnected systems
241
What provides a clear history of what, when, and why for accountability and future reference?
Documenting changes
242
How many documents should all accompanying documentation be updated when implementing a change?
150
243
What helps improve change management practices?
Learn from past mistakes
244
What is a clear timeline of change actions?
Importance of Records
245
What help create a clear timeline of change actions?
Change requests and trouble tickets
246
What is the objective of Audits and Assessments?
Objective 5.5
247
What are audits?
Systematic evaluations
248
What is the name of the organization's team?
External Audits
249
What is one example of a security measure?
Internal Audit Example
250
Who is responsible for identifying vulnerabilities?
third-party entities
251
What policy does the review of?
Data protection policies
252
What is CompTIA Security+?
Significance of Audits
253
What types of policies, procedures, and controls are there?
Security policies, procedures, and controls
254
What are Vulnerability Assessments?
Threat Assessments
255
What are the Categories before implementing new systems or significant changes?
Risk Assessments
256
Review processes, controls, and compliance Importance Ensure operational effectiveness and compliance to internal policies?
Internal Audits and Assessments
257
What do internal audits and assessments have?
Importance
258
What are independent evaluations by external parties?
External Audits and Assessments
259
What are Verification Areas?
Financial statements
260
What is Simulated cyber attacks to identify vulnerabilities?
Penetration Testing
261
What is another name for CompTIA Security+?
Pen Testing
262
How many Incident response procedures are there?
154
263
What is the name of the internal audit focus areas?
Concepts in Internal Audits
264
What are internal audit focus areas?
Password policies
265
What does ensuring adherence to?
established standards, regulations, and laws
266
What is essential for protecting sensitive data?
Compliance
267
What is the name of the internal audit that may be required for compliance with specific laws or regulations?
Audit Committee
268
What types of activities does a group oversee?
Audit and compliance
269
How many auditors are there?
155
270
Vulnerability assessments, what type of modeling exercises, and risk assessments are part of internal assessments?
Threat
271
What is the term for Assisted Internal Assessments?
Internal Assessment Process
272
What is the name of the Modeling Exercise?
Vulnerability Assessment
273
What does automated scanning tools and manual testing techniques help identify known vulnerabilities and code weaknesses?
Risk Assessment
274
What is used to identify known vulnerabilities and code weaknesses?
automated scanning tools
275
What type of professionals are involved in the Collaborative Approach To maximize the checklist's effectiveness, involve a diverse group of participants from across
Cybersecurity professionals
276
What is the general format and purpose of self-assessments consistent across most organizations?
External Audits and Assessments
277
What is 158 https://www.DionTraining.com/?
Access controls
278
What can external assessments take various forms?
Threat assessments
279
What is the name of the CompTIA?
Security+
280
What is the name of the website that covers various areas of security?
Network security 159
281
What is the name of the infrastructure that Focuses on known assets Evaluates vulnerabilities and weaknesses Aims to understand exploitability
CompTIA Security+ (SY0-701)
282
How many audits are required to ensure the reliability and integrity of the following?
164
283
What is a CompTIA?
Security+
284
What may be provided to prove the occurrence of penetration testing?
A letter of attestation
285
Who may provide a letter of attestation to prove the occurrence of penetration testing?
third parties interested in network security
286
What does System Attestation Validate?
Security posture
287
What standard does System Attestation Validate the security posture of a system?
security standards 165
288
In what audits do third parties provide attestation on financial statements, regulatory compliance, and operational efficiency?
external audits
289
Explain the importance of what in security architecture?
resilience and recovery
290
What is the name of Cyber Resilience Ability to deliver outcomes despite adverse cyber events?
Redundancy
291
What is used for improved performance but offers no data redundancy?
CompTIA Security+ (SY0-701)
292
What is a Safeguard against catastrophic events by maintaining data in independent zones?
Disaster-tolerant
293
What are essential for ensuring data redundancy, availability, and performance in enterprise networks?
RAIDs
294
What is a critical strategic planning effort for organizations?
Ensures an organization is prepared to meet future demands in a cost-effective manner
295
What are specific requirements for RAID type?
performance and fault tolerance
296
What are the four main Aspects of Capacity Planning?
Ensure the right number of people with the right skills for strategic objectives
297
How many technology resources does DionTraining.com have?
173
298
What are some factors that should be considered for future technology demands?
scalability and potential investments in new technology
299
What is the definition of protecting data during transmission?
Importance
300
What does Importance Importance Importance Importance Importance Importance
Protecting data
301
What captures a consistent state 177 https://www.DionTraining.com?
Point-in-time copies
302
How many Point-in-time copies capture a consistent state?
177
303
What type of access can backup data be protected from?
unauthorized access and breaches
304
How do records change since the previous snapshot?
reducing storage requirements
305
What is the key step in data recovery?
Selection of the right backup
306
What are the key steps in the data recovery process?
Several key steps
307
What is essential in the recovery process?
a well-defined and tested recovery plan
308
What is the COOP?
Continuity of Operations Plan
309
What is used to maintain operations during disasters?
Cloud services
310
Who is responsible for developing the BC Plan Goals for BC and DR efforts?
senior management
311
How many senior managers are responsible for developing the BC Plan Goals for BC and DR efforts?
179
312
What is the name of the study note?
CompTIA Security+ (SY0-701)
313
Who is responsible for the Business Continuity Committee?
Comprises representatives from various departments
314
What is determined for different events Identifies and prioritizes systems critical for business continuity?
recovery priorities
315
What factors determine the scope of the plan?
risk appetite and tolerance
316
How many times does the Redundant Site have a slight delay?
180
317
What can be hot, warm, or cold?
Mobile Sites
318
How long is the Cold Sites ready?
1-2 months
319
What is the name of a virtual site that is fully replicated and instantly accessible in the cloud?
Virtual Hot Site
320
How many resources does DionTraining Enhance?
Disaster recovery capabilities
321
What is the purpose of assessing system's ability to withstand and adapt to disruptive events?
Ensures the system can recover from unforeseen incidents
322
What is the purpose of recovery testing?
Ensures that planned recovery procedures work effectively in a real-world scenario
323
What does Scenario-based discussion among key stakeholders do?
Assess and improve an organization's preparedness and response
324
Tabletop Exercises What type of discussion among key stakeholders?
Scenario-based discussion
325
What promotes team-building among stakeholders 182 https://www.DionTraining.com?
Identifies gaps and seams in response plans
326
What does CompTIA Security+ mean?
Low-cost and engaging
327
What is the name of Parallel Processing?
Resilience Testing
328
What is the name of the test that tests the ability of the system to handle multiple failure scenarios?
Recovery Testing
329
How does the system recover from multiple points of failure?
Tests the efficiency of the system to recover from multiple points of failure
330
What is the Security Architecture Objectives?
4.1
331
What is the name of an organization's information security environment?
Security Architecture
332
What is a limitation of user permissions?
Monitor user activities for suspicious behavior
333
What are dynamic and require up-to-date security measures?
Cloud environments
334
What can weak Authentication and Encryption Practices do?
Strong encryption algorithms
335
What can weak authentication and encryption expose cloud systems and data?
Secure key management practices
336
What is the purpose of a secure deletion process?
Verify data removal after deletion
337
How many people are responsible for cloud security?
190
338
What is the name of the hardware that runs directly on hardware?
Type 2
339
What other hardware does ESXi run directly on?
Hyper-V, XenServer, ESXi
340
What is a standard OS?
VirtualBox, VMware
341
What is SDN?
Software-defined Network
342
What is complete isolation Logical Separation More flexible, easier to implement Less secure if not properly configured?
High security