SECURITY+ DOMAIN 3

3.1: SECURITY IMPLICATIONS OF DIFFERENT ARCHITECTURE MODELS

Architecture and Infrastructure Concepts
Cloud: On-demand remote computing resources
Infrastructure as Code (IaC): Automated infrastructure provisioning
Serverless: Function-based cloud services
Microservices: Modular, deployable services
Network Infrastructure: Hardware and software network components

Considerations
Availability: System uptime and accessibility
Patch Availability: Access to updates
Resilience: Withstanding disruptions
Risk Transference: Shifting risks to third parties
Cost: Financial expenditure
Ease of Deployment: Simple system launch
Responsiveness: Reaction time
Scalability: Growth with demand

www.infosectrain.com

3.2: SECURITY PRINCIPLES TO SECURE ENTERPRISE INFRASTRUCTURE

Infrastructure Considerations
Security Zones: Defined security segments
Attack Surface: Potential vulnerabilities
Failure Modes: System failure types
Device Attribute: Active and passive attributes

Secure Communication/Access
Virtual Private Network (VPN): Encrypted network access
Remote Access: Distant system entry
Tunneling: Secure data passage
Secure Access Service Edge (SASE): Unified security framework

Network Appliances
Proxy Server: Traffic intermediary
IPS/IDS: Threat monitoring systems
Load Balancer: Traffic distribution
Sensor: Monitoring device
Port Security: Control access via ports

Firewall Types
Web Application Firewall (WAF): Web traffic protection
Next-Generation Firewall (NGFW): Advanced security firewall

3.3: DATA PROTECTION CONCEPTS AND STRATEGIES

Data Types
Regulated Data: Legally controlled information
Human and Non-Human-Readable Data: Text and binary formats
Trade Secret: Proprietary business information
Financial Information: Banking and monetary records
Intellectual Property: Copyrighted or patented content
Legal Information: Attorney-client privileged data

Data Classifications
Sensitive Data: Requires special protection
Critical Data: Essential for operations
Confidential Data: Restricted to certain individuals
Private Data: Personal or sensitive information
Public Data: Openly accessible information
Restricted Data: Limited access information

3.3: DATA PROTECTION CONCEPTS AND STRATEGIES (continued)

General Data Considerations
Data States: In use, transit, storage
Data Sovereignty: Jurisdictional data control
Geolocation: Data location specifics

Methods to Secure Data
Geographic Restrictions: Location-based data access
Permission Restrictions: Access control limits
Encryption: Secure data encoding
Segmentation: Isolating data sections
Hashing: Data integrity verification
Obfuscation: Making data unintelligible
Masking: Concealing sensitive information
Tokenization: Replacing data with tokens

3.4: RESILIENCE AND RECOVERY IN SECURITY ARCHITECTURE

High Availability
Load Balancing: Distributing traffic among servers
Clustering: Grouping servers for redundancy

Platform Diversity: Multiple technology platforms used
Multi-Cloud Systems: Utilizing multiple cloud providers
Continuity of Operations: Ensuring ongoing business functionality

Testing
Tabletop Exercise: Discussion-based emergency scenarios
Failover: Automatic switching to backup system
Simulation: Realistic, practice disaster scenarios
Parallel Processing: Simultaneous system operation testing

Backups
Onsite/Offsite: Local and remote backup storage
Frequency: Regular backup intervals
Recovery: Restoring from backup data
Replication: Real-time data duplication
Journaling: Logging changes for recovery

Security Architecture, Security+ Domain 3.pdf