🃏 SecurityX Flashcards

Test your advanced security knowledge.

About This Flashcard Deck

This flashcard deck contains 10 cards covering key SecurityX concepts for the SECX exam. Use active recall by attempting to answer each question before revealing the answer.

All SecurityX Flashcards

1

Q: What is NIST RMF?

A: Risk Management Framework: Categorize → Select → Implement → Assess → Authorize → Monitor. Applied to federal systems.

2

Q: What is ephemeral key exchange?

A: Generates new key pairs per session (e.g., DHE, ECDHE). Provides perfect forward secrecy — past sessions stay secure if long-term key is compromised.

3

Q: What is HSM?

A: Hardware Security Module — dedicated hardware for secure cryptographic key storage and operations. Tamper-resistant.

4

Q: What is SCAP?

A: Security Content Automation Protocol — suite of specifications for automating vulnerability management and compliance checking.

5

Q: What is BCP vs DRP?

A: BCP (Business Continuity Plan): keep operations running during disruption. DRP (Disaster Recovery Plan): restore IT systems after a disaster.

6

Q: What is data sovereignty?

A: Data is subject to the laws of the country where it is stored. Affects cloud provider selection and data residency decisions.

7

Q: What is CASB?

A: Cloud Access Security Broker — enforces security policies between users and cloud services (visibility, compliance, threat protection, DLP).

8

Q: What is TPM?

A: Trusted Platform Module — hardware chip for secure key storage, platform integrity measurement, and hardware-based encryption.

9

Q: What is a WAF?

A: Web Application Firewall — inspects HTTP traffic to block application attacks (SQLi, XSS, CSRF). Layer 7 protection.

10

Q: What is DevSecOps?

A: Integrating security into every phase of the DevOps pipeline: code analysis, container scanning, infrastructure as code validation, automated testing.

CompTIA Flashcard Study Technique

CompTIA exams cover broad domains with hundreds of concepts. Use these flashcards in short, focused sessions of 15–20 minutes rather than marathon study sessions. Group cards by domain and track which domains have the lowest recall rates — allocate extra study time to those areas. CompTIA exams weight domains differently, so match your flashcard focus to the domain percentages listed in the exam objectives.
