CompTIA Security+ SY0-701 3.0 Security Architecture exam with correct answers

Data Classification
Based on the organization's value and the sensitivity of the information if it were to be disclosed

Data Classifications
1. Sensitive
2. Confidential
3. Public
4. Restricted
5. Private
6. Critical

Security Infrastructure
Combination of software, hardware, policies, and practices that organizations use to protect information

Intrusion Detection System (IDS)
Logs and alerts on suspicious activity

Network IDS (NIDS)
Responsible for detecting unauthorized network access or attacks

IPSec
A protocol suite for secure communication through authentication and data packets in IP networks

IPSec Transport Mode
Employs the original IP header

Software-Defined Wide Area Network (SD-WAN)
Virtualized approach to managing and optimizing wide area network connections to efficiently route traffic between remote sites, data centers, and cloud environments

Security Zone
Distinct segment within a network, often created by logically isolating the segment using a firewall or other security device

Attack Surface of a Network
Refers to all the points where an unauthorized user can try to enter data to or extract data from an environment

Active Device
Monitors and acts on malicious traffic

Passive Device
Monitors and reports, but does not act

Inline Device

Tap/Monitor Device
Operates discreetly outside a network path without impacting traffic

Fail Mode
Determines how a device behaves in a failure

Fail Modes
1. Fail-Closed
2. Fail-Open

Fail-Open
Allows all traffic in the event of a failure to ensure there's no disruption to network services

Least Privilege
Users or systems are granted only the necessary access rights

Defense in Depth
Using multiple layers of security

Risk-Based Approach
Prioritizing controls based on potential risks and vulnerabilities specific to the infrastructure to make efficient use of resources

Lifecycle Management
Regularly review, update, and retire controls to adapt to evolving threats

Open Design Principle
Ensuring transparency and accountability through rigorous testing and scrutiny of infrastructure and controls

Control
A protective measure put in place to reduce potential risks and safeguard an organization's assets

Fail-Closed
Blocks all traffic in the event of a failure

Connectivity