the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network.

Services
  - Load balancer
  - Intrusion detection system (IDS)/network intrusion detection system (NIDS)/wireless intrusion detection system (WIDS)
  - Intrusion prevention system (IPS)/network intrusion prevention system (NIPS)/wireless intrusion prevention system (WIPS)
  - Web application firewall (WAF)
  - Network access control (NAC)
  - Virtual private network (VPN)
  - Domain Name System Security Extensions (DNSSEC)
  - Firewall/unified threat management (UTM)/next-generation firewall (NGFW)
  - Network address translation (NAT) gateway
  - Internet gateway
  - Forward/transparent proxy
  - Reverse proxy
  - Distributed denial-of-service (DDoS) protection
  - Routers
  - Mail security
  - Application programming interface (API) gateway/Extensible Markup Language (XML) gateway
  - Traffic mirroring
      - Switched port analyzer (SPAN) ports
      - Port mirroring
      - Virtual private cloud (VPC)
      - Network tap
  - Sensors
      - Security information and event management (SIEM)
      - File integrity monitoring (FIM)
      - Simple Network Management Protocol (SNMP) traps
      - NetFlow
      - Data loss prevention (DLP)
      - Antivirus
Segmentation
  - Microsegmentation
  - Local area network (LAN)/virtual local area network (VLAN)
  - Jump box
  - Screened subnet
  - Data zones
  - Staging environments
  - Guest environments
  - VPC/virtual network (VNET)
  - Availability zone
  - NAC lists
  - Policies/security groups
  - Regions
  - Access control lists (ACLs)
  - Peer-to-peer
  - Air gap
Deperimeterization/zero trust
  - Cloud
  - Remote work
  - Mobile
  - Outsourcing and contracting
  - Wireless/radio frequency (RF) networks
Merging of networks from various organizations
  - Peering
  - Cloud to on premises
  - Data sensitivity levels
  - Mergers and acquisitions
  - Cross-domain
  - Federation
  - Directory services
Software-defined networking (SDN)
  - Open SDN
  - Hybrid SDN
  - SDN overlay

1.2 Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design.

Scalability
  - Vertically
  - Horizontally
Resiliency
  - High availability
  - Diversity/heterogeneity
  - Course of action orchestration
  - Distributed allocation
  - Redundancy
  - Replication
  - Clustering
Automation
  - Autoscaling
  - Security Orchestration, Automation and Response (SOAR)
  - Bootstrapping
Performance
Containerization
Virtualization
Content delivery network
Caching

1.3 Given a scenario, integrate software applications securely into an enterprise architecture.

Baseline and templates
  - Secure design patterns/types of web technologies
      - Storage design patterns
  - Container APIs
  - Secure coding standards
  - Application vetting processes
  - API management
  - Middleware
Software assurance
  - Sandboxing/development environment
  - Validating third-party libraries
  - Defined DevOps pipeline
  - Code signing
  - Interactive application security testing (IAST) vs. dynamic application security testing (DAST) vs. static application security testing (SAST)
Considerations of integrating enterprise applications
  - Customer relationship management (CRM)
  - Enterprise resource planning (ERP)
  - Configuration management database (CMDB)
  - Content management system (CMS)
  - Integration enablers
      - Directory services
      - Domain name system (DNS)
      - Service-oriented architecture (SOA)
      - Enterprise service bus (ESB)
Integrating security into development life cycle
  - Formal methods
  - Requirements
  - Fielding
  - Insertions and upgrades
  - Disposal and reuse
  - Testing
      - Regression
      - Unit testing
      - Integration testing
  - Development approaches
      - SecDevOps
      - Agile
      - Waterfall
      - Spiral
      - Versioning
      - Continuous integration/continuous delivery (CI/CD) pipelines
  - Best practices
      - Open Web Application Security Project (OWASP)
      - Proper Hypertext Transfer Protocol (HTTP) headers

1.4 Given a scenario, implement data security techniques for securing enterprise architecture.

Data loss prevention
  - Blocking use of external media
  - Print blocking
  - Remote Desktop Protocol (RDP) blocking
  - Clipboard privacy controls
  - Restricted virtual desktop infrastructure (VDI) implementation
  - Data classification blocking
Data loss detection
  - Watermarking
  - Digital rights management (DRM)
  - Network traffic decryption/deep packet inspection
  - Network traffic analysis
Data classification, labeling, and tagging
  - Metadata/attributes
Obfuscation
  - Tokenization
  - Scrubbing
  - Masking
Anonymization
Encrypted vs. unencrypted
Data life cycle
  - Create
  - Use
  - Share
  - Store
  - Archive
  - Destroy
Data inventory and mapping
Data integrity management
Data storage, backup, and recovery
  - Redundant array of inexpensive disks (RAID)

1.5 Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls.

Credential management
  - Password repository application
      - End-user password storage
      - On premises vs. cloud repository
  - Hardware key manager
  - Privileged access management
Password policies
  - Complexity
  - Length
  - Character classes
  - History
  - Maximum/minimum age
  - Auditing
  - Reversible encryption
Federation
  - Transitive trust
  - OpenID
  - Security Assertion Markup Language (SAML)
  - Shibboleth
Access control
  - Mandatory access control (MAC)
  - Discretionary access control (DAC)
  - Role-based access control
  - Rule-based access control
  - Attribute-based access control
Protocols
  - Remote Authentication Dial-In User Service (RADIUS)
  - Terminal Access Controller Access Control System (TACACS)
  - Diameter
  - Lightweight Directory Access Protocol (LDAP)
  - Kerberos
  - OAuth
  - 802.1X
  - Extensible Authentication Protocol (EAP)
Multifactor authentication (MFA)
  - Two-factor authentication (2FA)
  - 2-Step Verification
  - In-band
  - Out-of-band
  - One-time password (OTP)
      - HMAC-based one-time password (HOTP)
      - Time-based one-time password (TOTP)
  - Hardware root of trust
  - Single sign-on (SSO)
  - JavaScript Object Notation (JSON) web token (JWT)
  - Attestation and identity proofing

1.6 Given a set of requirements, implement secure cloud and virtualization solutions.

Virtualization strategies
  - Type 1 vs. Type 2 hypervisors
  - Containers
  - Emulation
  - Application virtualization
  - VDI
Provisioning and deprovisioning
Middleware
Metadata and tags
Deployment models and considerations
  - Business directives
      - Cost
      - Scalability
      - Resources
      - Location
      - Data protection
  - Cloud deployment models
      - Private
      - Public
      - Hybrid
      - Community
Hosting models
  - Multitenant
  - Single-tenant
Service models
  - Software as a service (SaaS)
  - Platform as a service (PaaS)
  - Infrastructure as a service (IaaS)
Cloud provider limitations
  - Internet Protocol (IP) address scheme
  - VPC peering
Extending appropriate on-premises controls
Storage models
  - Object storage/file-based storage
  - Database storage
  - Block storage
  - Blob storage
  - Key-value pairs

1.7 Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements.

Privacy and confidentiality requirements
Integrity requirements
Non-repudiation
Compliance and policy requirements
Common cryptography use cases
  - Data at rest
  - Data in transit
  - Data in process/data in use
  - Protection of web services
  - Embedded systems
  - Key escrow/management
  - Mobile security
  - Secure authentication
  - Smart card
Common PKI use cases
  - Web services
  - Email
  - Code signing
  - Federation
  - Trust models
  - VPN
  - Enterprise and security automation/orchestration

1.8 Explain the impact of emerging technologies on enterprise security and privacy.

Artificial intelligence
Machine learning
Quantum computing
Blockchain
Homomorphic encryption
  - Private information retrieval
  - Secure function evaluation
  - Private function evaluation
Secure multiparty computation
Distributed consensus
Big Data
Virtual/augmented reality
3D printing
Passwordless authentication
Nano technology
Deep learning
Natural language processing
Deep fakes
Biometric impersonation
1. Your organization experienced a security event that led to the loss and disruption of services. You were chosen to investigate the disruption to prevent the risk of it happening again. What is this process called?
   A. Incident management
   B. Forensic tasks
   C. Mandatory vacation
   D. Job rotation
2. Brett is a new CISO, and he is evaluating different controls for availability. Which set of controls should he choose?
   A. RAID 1, classification of data, and load balancing
   B. Digital signatures, encryption, and hashes
   C. Steganography, ACLs, and vulnerability management
   D. Checksums, DoS attacks, and RAID 0
3. Charles has received final documentation from a compliance audit. The report suggested his organization should implement a complementary security tool to work with the firewall to detect any attempt at scanning. Which device does Charles choose?
   A. RAS
   B. PBX
   C. IDS
   D. DDT
4. Nicole is the security administrator for a large governmental agency. She has implemented port security, restricted network traffic, and installed NIDS, firewalls, and spam filters. She thinks the network is secure. Now she wants to focus on endpoint security. What is the most comprehensive plan for her to follow?
   A. Antimalware/virus/spyware, host-based firewall, and MFA
   B. Antivirus/spam, host-based IDS, and TFA
   C. Antimalware/virus, host-based IDS, and biometrics
   D. Antivirus/spam, host-based IDS, and SSO
5. Sally's CISO asked her to recommend an intrusion system to recognize intrusions traversing the network and send email alerts to the IT staff when one is detected. What type of intrusion system does the CISO want?
   A. HIDS
   B. NIDS
   C. HIPS
   D. NIPS
6. Kenneth is the CISO of an engineering organization. He asked the security department to recommend a system to be placed on business-critical servers to detect and stop intrusions. Which of the following will meet the CISO's requirement?
   A. HIPS
   B. NIDS
   C. HIDS
   D. NIPS
7. Paul's company has discovered that some of his organization's employees are using personal devices, including cell phones, within highly secure areas. The CISO wants to know which employees are violating this policy. Which of the following devices can inform the CISO who is violating this policy?
   A. DLP
   B. WIDS
   C. NIPS
   D. Firewall
8. Suzette's company discovered that some of her organization's employees are copying corporate documents to Microsoft blob cloud drives outside the control of the company. She has been instructed to stop this practice from occurring. Which of the