2.0 Architecture and Design

2.1 Explain the importance of security concepts in an enterprise environment.

Configuration management

Geographical considerations

--- Deception and disruption

Response and recovery

--- Baseline configurations

Secure Sockets Layer (SSL)/ Transport Layer Security (TLS) inspection

--- Standard naming conventions

--- Internet protocol (IP) schema

API considerations

--- Fake telemetry

Data sovereignty

Site resiliency

--- DNS sinkhole

Data protection

--- Data loss prevention

--- In processing

--- Tokenization

--- Rights management

2.2 Summarize virtualization and cloud computing concepts.

Managed service provider (MSP)/ managed security service provider (MSSP)

Infrastructure as code

--- Infrastructure as a service (IaaS)

On-premises vs. off-premises

--- Software-defined networking (SDN)

--- Platform as a service (PaaS)

--- Software-defined visibility (SDV)

--- Software as a service

Serverless architecture

--- Anything as a service (XaaS)

Resource policies

Transit gateway

Microservices/API

--- Sprawl avoidance

--- Virtual machine (VM)

Cloud service providers

--- VM escape protection

2.3 Summarize secure application development, deployment, and automation concepts.

--- Code reuse/dead code

Automation/scripting

--- Development

--- Server-side vs client side execution validation

--- Automated courses of action

--- Test

--- Memory management

--- Continuous monitoring

--- Use of third party libraries and software development kits (SDKs)

--- Continuous validation

--- Data exposure

--- Continuous integration

--- Quality assurance (QA)

Open Web Application Security Project (OWASP)

--- Continuous delivery

Provisioning and deprovisioning

Software diversity

--- Continuous deployment

Integrity measurement

Secure coding techniques

--- Normalization

Version control

--- Stored procedures

--- Obfuscation/camouflage

2.4 Summarize authentication and authorization design concepts.

Authentication methods

Multifactor authentication (MFA) factors and attributes

--- Directory services

--- Fingerprint

--- Something you know

--- Attestation

--- Iris

--- Something you have

--- Technologies

--- Something you are

--- Time-based one-time password (TOTP)

--- HMAC-based one-time password (HOTP)

--- Vein

--- Somewhere you are

--- Short message service (SMS)

--- Gait analysis

--- Something you can do

--- Token key

--- Efficacy rates

--- Something you exhibit

--- Authentication applications

--- False acceptance

--- Someone you know

--- Push notifications

--- False rejection

Authentication, authorization, and accounting (AAA)

--- Phone call

--- Crossover error rate

Cloud vs. on-premises requirements

--- Smart card authentication

2.5 Given a scenario, implement cybersecurty resilience.

--- Offsite storage

--- Disk

--- Storage area network

--- Distance considerations

--- Redundant array of inexpensive disks (RAID) levels

--- VM

Non-persistence

--- Multipath

On-premises vs. cloud

--- Revert to know state

--- Last known good configuration

--- Load balancers

--- Full

--- Live boot media

--- Network interface card (NIC) teaming

--- Incremental

High availability

--- Scalability

--- Uninterruptible power supply (UPS)

--- Differential

Restoration order

--- Generator

--- Tape

--- Dual supply

--- Disk

--- Technologies

--- Managed power distribution units (PDUs)

--- Copy

--- Storage area network

--- Online vs. Offline

2.6 Explain the security implications of embedded and specialized systems.

Embedded systems

--- Subscriber identity module (SIM) cards

--- Raspberry Pi

--- Medical systems

--- Field-programmable gate array (FPGA)

Supervisory control and data acquisition (SCADA)/industrial control system (ICS)

--- Smart meters

Voice over IP (VoIP)

--- Industrials

Heating, ventalation, air conditioning (HVAC)

--- Manufacturing

--- Inability to patch

Multifunction printer (MFP)

--- Authentication

Real-time operating system

Internet of Things (IoT)

Surveillance systems

--- Cost

System on a chip (SoC)

--- Implied trust

--- Smart devices

Communication considerations

--- 5G

--- Facility automation

--- Narrow-band

--- Weak defaults

--- Baseband radio

2.7 Explain the importance of physical security controls.

Bollards/barricades

Access control vestibules

Screened subnet (previously known as demilitarized zone)

--- Cable locks

Protection cable distribution

USB data blocker

--- Safe

--- Motion recognition

Fire suppression

--- Object detection

Closed circuit television (CCTV)

--- Motion detection

Secure data destruction

Industrial camouflage

--- Noise detection

--- Proximity reader

--- Moisture detection

--- Robot sentries

--- Pulverizing

--- Temperature

--- Two-person integrity/control

--- Third-party solutions

2.8 Summarize the basics of cyptographic concepts.

Digital Signatures

--- Supporting integrety

--- Public ledgers

--- Supporting obfuscation

--- Supporting authentication

--- Supporting non-repudiation

Symmetric vs. asymmetric

Elliptical-curve cryptography

Lightweight cryptography

--- Size

Perfect forward secrecy

--- Time

--- Communications

--- Predictability

Homomorphic encryption

Common use cases

Modes of operation

--- Low power devices

--- Computational overheads

--- Authenticated

--- Low latency

--- Resource vs. security constraints

--- Unauthenticated

--- High resiliency

--- Supporting confidentiality