Summary

This chapter reviews different system architectures, focusing on their components and interactions. It explores client-server, cloud, and other models, highlighting security challenges and advantages. The document promotes understanding of systems to improve security.

Full Transcript

CISSP All-in-One Exam Guide, Chapter 7: System Architectures

Chapter Review

Central to securing our systems is understanding their components and how they interact with each other—in other words, their architectures. While it may seem that architectural terminology overlaps quite a bit, in reality each approach brings some unique challenges and some not-so-unique challenges. As security professionals, we need to understand where architectures are similar and where they differ. We can mix and match, of course, but must also do so with a clear understanding of the underlying issues. In this chapter, we’ve classified the more common system architectures and discussed what makes them unique and what specific security challenges they pose. Odds are that you will encounter devices and systems in most, if not all, of the architectures we’ve covered here.

Quick Review

- Client-based systems execute all their core functions on the user’s device and don’t require network connectivity.
- Server-based systems require that a client make requests from a server across a network connection.
- Transactions are sequences of actions required to properly change the state of a database.
- Database transactions must be atomic, consistent, isolated, and durable (ACID).
- Aggregation is the act of combining information from separate sources and is a security problem when it allows unauthorized individuals to piece together sensitive information.
- Inference is deducing a whole set of information from a subset of its aggregated components. This is a security problem when it allows unauthorized individuals to infer sensitive information.
- High-performance computing (HPC) is the aggregation of computing power in ways that exceed the capabilities of general-purpose computers for the specific purpose of solving large problems.
- Industrial control systems (ICS) consist of information technology that is specifically designed to control physical devices in industrial processes.
- Any system in which computers and physical devices collaborate via the exchange of inputs and outputs to accomplish a task or objective is an embedded or cyber-physical system.
- The two main types of ICS are distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems. The main difference between them is that a DCS controls local processes while SCADA is used to control things remotely.
- ICS should always be logically or physically isolated from public networks.
- Virtualized systems are those that exist in software-simulated environments.
- Virtual machines (VMs) are systems in which the computing hardware has been virtualized for the operating systems running in them.
- Containers are systems in which the operating systems have been virtualized for the applications running in them.
- Microservices are software architectures in which features are divided into multiple separate components that work together in a distributed manner across a network.
- Containers and microservices don’t have to be used together but it’s very common to do so.
- In a serverless architecture, the services offered to end users can be performed without a requirement to set up any dedicated server infrastructure.
- Cloud computing is the use of shared, remote computing devices for the purpose of providing improved efficiencies, performance, reliability, scalability, and security.
- Software as a Service (SaaS) is a cloud computing model that provides users access to a specific application that executes in the service provider’s environment.
- Platform as a Service (PaaS) is a cloud computing model that provides users access to a computing platform but not to the operating system or to the virtual machine on which it runs.
- Infrastructure as a Service (IaaS) is a cloud computing model that provides users unfettered access to a cloud device, such as an instance of a server, which includes both the operating system and the virtual machine on which it runs.
- An embedded system is a self-contained, typically ruggedized, computer system with its own processor, memory, and input/output devices that is designed for a very specific purpose.
- The Internet of Things (IoT) is the global network of connected embedded systems.
- A distributed system is a system in which multiple computing nodes, interconnected by a network, exchange information for the accomplishment of collective tasks.
- Edge computing is a distributed system in which some computational and data storage assets are deployed close to where they are needed in order to reduce latency and network traffic.

Questions

Please remember that these questions are formatted and asked in a certain way for a reason. Keep in mind that the CISSP exam is asking questions at a conceptual level. Questions may not always have the perfect answer, and the candidate is advised against always looking for the perfect answer. Instead, the candidate should look for the best answer in the list.

1. Which of the following lists two foundational properties of database transactions?
A. Aggregation and inference
B. Scalability and durability
C. Consistency and performance
D. Atomicity and isolation
