Security Architecture

Question 1

What is Security Architecture?

Answer 1

Design, structure, and behavior of an organization’s information security environment

It encompasses various models and techniques to protect information assets.

Question 2

What are the two types of deployment models in security architecture?

Answer 2

• On-Premise
• Cloud

On-Premise refers to traditional local infrastructure, while Cloud involves delivery of computing services over the internet.

Question 3

Name three cloud security considerations.

Answer 3

• Shared Physical Server Vulnerabilities
• Inadequate Virtual Environment Security
• User Access Management

These considerations address potential risks in cloud environments.

Question 4

What is Serverless Computing?

Answer 4

Cloud provider manages server allocation; developers focus solely on writing code

It allows developers to deploy functions without managing server infrastructure.

Question 5

Define Microservices Architecture.

Answer 5

Collection of small, autonomous services; each performs a specific business process

This architecture contrasts with traditional monolithic systems.

Question 6

What does Infrastructure as Code (IaC) entail?

Answer 6

Automation of managing and provisioning technology stack

IaC uses code for infrastructure management, enhancing consistency and efficiency.

Question 7

What are the benefits of Hybrid Solutions?

Answer 7

• Sensitive data protection
• Regulatory compliance
• Interoperability
• Cost-effectiveness

Hybrid solutions combine on-premise and cloud services for flexibility.

Question 8

What is a Single Point of Failure?

Answer 8

A reliance on specific resources or processes that can lead to system-wide outages if they fail

Mitigation includes implementing redundancy and failover procedures.

Question 9

True or False: Cloud security is a shared responsibility.

Answer 9

TRUE

Both the cloud service provider and the customer share responsibilities for security.

Question 10

What are the two types of Hypervisors?

Answer 10

• Type 1 (Bare Metal)
• Type 2 (Hosted)

Type 1 runs directly on hardware, while Type 2 operates within a standard OS.

Question 11

What is Data Remnants?

Answer 11

Residual data left behind after deletion or erasure processes

In cloud environments, data may not be completely removed, posing a security risk.

Question 12

What are the key benefits of Containerization?

Answer 12

• Efficiency
• Speed
• Portability
• Scalability
• Isolation

Containerization encapsulates applications with their OS environment.

Question 13

What does User Access Management aim to prevent?

Answer 13

Unauthorized access to sensitive data and systems

Mitigation strategies include enforcing strong password policies and implementing multi-factor authentication.

Question 14

What is the Responsibility Matrix in cloud computing?

Answer 14

Outlines the division of responsibilities between the cloud service provider and the customer

It clarifies who is responsible for various aspects of security and management.

Question 15

What is Logical Separation?

Answer 15

Establishes boundaries within a network to restrict access to certain areas

Implemented using firewalls, VLANs, and network devices.

Question 16

What are the challenges of Microservices?

Answer 16

• Complexity
• Data Management
• Network Latency
• Security

The distributed nature of microservices increases the attack surface and management complexity.

Question 17

What is Software-Defined Networking (SDN)?

Answer 17

Dynamic, programmatically efficient network configuration

SDN improves network performance and monitoring by decoupling control and forwarding functions.

Question 18

What is the key advantage of IaC?

Answer 18

Operation consistently produces the same results

Crucial for consistency and reliability in multiple environments.

Question 19

What is the difference between Physical and Logical Separation?

Answer 19

• Physical Separation: High security, complete isolation
• Logical Separation: More flexible, easier to implement

Physical separation is often referred to as ‘Air Gapping’.

Question 20

What are the risks associated with centralized architecture?

Answer 20

• Single Point of Failure
• Scalability Issues
• Security Risks

Centralized systems can disrupt the entire network if a server fails and struggle to handle growth.

Question 21

What are the benefits of decentralized architecture?

Answer 21

• Resilience
• Scalability
• Flexibility

Decentralized systems can continue functioning despite individual node failures and support remote work.

Question 22

What are the considerations for choosing between centralized and decentralized systems?

Answer 22

• Data accuracy and resource management priorities for centralized systems
• Resilience, flexibility, and rapid scaling needs for decentralized systems

The choice depends on the organization’s specific needs and context.

Question 23

Define Internet of Things (IoT).

Answer 23

Network of physical devices with sensors, software, and connectivity

IoT enables data exchange among connected objects.

Question 24

What is the role of a Hub/Control System in IoT?

Answer 24

Central component connecting IoT devices

It collects, processes, analyzes data, and sends commands.

Question 25

What are **smart devices**?

Answer 25

Everyday objects enhanced with computing and internet capabilities ## Footnote They sense the environment, process data, and perform tasks autonomously.

Question 26

What are the **risks** associated with **IoT devices**?

Answer 26

* Weak Default Settings * Poorly Configured Network Services ## Footnote Changing default usernames/passwords and keeping IoT devices on a separate network is essential.

Question 27

What are **Industrial Control Systems (ICS)** used for?

Answer 27

Monitor and control industrial processes ## Footnote Found in industries like electrical, water, oil, gas, and data.

Question 28

What is a **Supervisory Control and Data Acquisition (SCADA)** system?

Answer 28

Type of ICS designed for monitoring and controlling geographically dispersed industrial processes ## Footnote Common in electric power generation, water treatment, and oil and gas pipeline monitoring.

Question 29

What are the **risks** associated with **ICS and SCADA systems**?

Answer 29

* Unauthorized Access * Malware Attacks * Lack of Updates * Physical Threats ## Footnote These systems can be manipulated by unauthorized individuals and are vulnerable to malware.

Question 30

What are key **security strategies** for **securing ICS and SCADA systems**?

Answer 30

* Implement Strong Access Controls * Regularly Update and Patch Systems * Use Firewall and Intrusion Detection Systems * Conduct Regular Security Audits * Employee Training ## Footnote These strategies help protect against unauthorized access and vulnerabilities.

Question 31

Define **embedded systems**.

Answer 31

Specialized computing components designed for dedicated functions within larger devices ## Footnote They integrate hardware and mechanical elements and are essential for various daily-use devices.

Question 32

What is a **Real-Time Operating System (RTOS)**?

Answer 32

Designed for real-time applications that process data without significant delays ## Footnote Critical for time-sensitive applications like flight navigation and medical equipment.

Question 33

What are the **risks** associated with **embedded systems**?

Answer 33

* Hardware Failure * Software Bugs * Security Vulnerabilities * Outdated Systems ## Footnote These systems can be prone to failure and are vulnerable to cyber-attacks.

Question 34

What are key **security strategies** for **embedded systems**?

Answer 34

* Network Segmentation * Wrappers (e.g., IPSec) * Firmware Code Control * Challenges in Patching ## Footnote These strategies help maintain system integrity and limit potential damage in case of a breach.