SKILL BENCHMARK

Security+: Architecture and Design Competency

  • 30m
  • 30 questions
The Security+: Architecture and Design Competency benchmark will measure your ability to recognize key terms and concepts related to security architecture and design. You will be evaluated on security concepts for enterprise networks, implementing resilience, security concepts for virtualization and cloud, security controls, and authentication and design. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding key security architecture and design terminology and concepts.

Topics covered

  • compare and contrast cloud security solutions such as CASB application security and next-generation secure web gateways
  • compare authentication technologies like time-based one-time password, HMAC-based one-time password, and SMS services
  • compare character mode access for administrative actions to packet or network mode for mediated access services
  • compare response and recovery controls as a part of enterprise business continuity and disaster recovery
  • compare the differences in authentication and authorization design in an on-premise environment and a cloud service provider environment
  • define deception and disruption techniques using honeypots, honey tokens, honeyfiles, honeynets, fake telemetry, and DNS sinkholes
  • define federation and attestation including single-sign-on, trusted services, and secure tokens
  • define high availability concepts like redundancy and durability
  • define serverless computing and Functions as a Service for a variety of use cases
  • define the cloud provider's transit gateways that use cloud computing to replace traditional VPN concentrators and legacy transit virtual networks
  • describe automation and scripting including continuous monitoring, validation, integration, delivery, and deployment
  • describe cloud compute security including security groups, dynamic resource allocation, instance awareness, secure endpoints, and container security
  • describe cloud security of block and object storage services at the cloud service provider
  • describe cloud security of virtual networks or virtual private clouds including public and private subnets and other segmentation methods
  • describe containerization and different CSP-managed Docker and Kubernetes services
  • describe hashing and application programming interfaces and the importance of digitally signing all API calls
  • describe Infrastructure as Code and automation using JSON and YAML to create a single source of truth
  • describe multi-factor authentication as in something you know, something you have, and something you are
  • describe order of restoration when dealing with continuity of operations and resiliency measures in the enterprise
  • describe secure coding techniques like normalization, using stored procedures, obfuscation, and code reuse
  • describe software diversity and how it relates specifically to compilers and binaries
  • describe SSL/TLS inspection accomplished by next-generation firewalls, WAF solutions, and other cloud-based techniques
  • describe the attributes of AAA services including authentication and identity, authorization and access management, and accounting for audit and billing purposes
  • describe the on-premises or cloud-based CASB security policy enforcement points that are set between cloud service providers and their consumers
  • describe types of site resiliency including hot site, cold site, and warm site solutions
  • describe various forms of integrity measurement to enhance application security such as digitally signing code and API calls
  • describe various smart card solutions and applications for authentication and identity services
  • recognize common and emerging biometric identity mechanisms including fingerprint, retina, iris, facial, and voice recognition
  • recognize geographic factors such as jurisdictions, privacy laws, import-export restrictions, and cryptographic regulations
  • use the Open Web Application Security Project guidelines to secure web applications and services