Given a scenario, apply security solutions for infrastructure management.
Cloud vs. on-premises
Asset management
Segmentation
- Physical
- Virtual
- Jumpbox
- System isolation
Network architecture
- Physical
- Software-defined
- Virtual private cloud (VPC)
- Virtual private network (VPN)
- Serverless
Change management
Virtualization
- Virtual desktop infrastructure (VDI)
Containerization
Identity and access management
- Privilege management
- Multifactor authentication (MFA)
- Single sign-on (SSO)
- Federation
- Role-based
- Attribute-based
- Mandatory
- Manual review
Cloud access security broker (CASB)
Honeypot
Monitoring and logging
Encryption
Certificate management
Active defense
Explain software assurance best practices.
Platforms
- Mobile
- Web application
- Client/server
- Embedded
- System-on-chip (SoC)
- Firmware
Software development life cycle (SDLC) integration
DevSecOps
Software assessment methods
- User acceptance testing
- Stress test application
- Security regression testing
- Code review
Secure coding best practices
- Input validation
- Output encoding
- Session management
- Authentication
- Data protection
- Parameterized queries
Static analysis tools
Dynamic analysis tools
Formal methods for verification of critical software
Service-oriented architecture
- Security Assertion Markup Language (SAML)
- Simple Object Access Protocol (SOAP)
- Representational State Transfer (REST)
- Microservices
Explain hardware assurance best practices.
Hardware root of trust
- Trusted platform module (TPM)
- Hardware security module (HSM)
eFuse
Unified Extensible Firmware Interface (UEFI)
Trusted foundry
Secure processing
- Trusted execution
- Secure enclave
- Processor security extensions
- Atomic execution
Anti-tamper
Self-encrypting drive
Trusted firmware updates
Measured boot and attestation
Bus encryption