Chapter 23: Security Architecture and Design Principles

📖 Key Topics Covered

▸ Security Architecture and
▸ Compare access control models (DAC, MAC, RBAC, ABAC)
▸ Defense in Depth
▸ Security Layers
▸ Firewalls, DMZ, IDS/IPS, VPN gateways
▸ VLANs, ACLs, network segmentation, NAC
▸ Antivirus, host firewall, HIDS, patch
▸ Protect individual devices
▸ Input validation, secure coding, WAF
▸ Encryption, DLP, access controls, backups
▸ Identity and Access Management (IAM)
▸ Authentication Factors
▸ Something you know
▸ Password, PIN, security questions
▸ Something you have

🔑 Key Terms

ABAC (attribute‐based) DAC (Discretionary) DAC (owner‐controlled) MAC (Mandatory) MAC (classification‐based) Passkeys RBAC (Role‐Based) RBAC (role‐based) Zero Trust

See the full definitions in the Glossary and test yourself with Flashcards.

Assessment Tips

💡 Assessment Tip

Defense in depth is a core exam concept. Be able to identify which security controls belong to which layer. Know the authentication factors and that MFA requires factors from different categories. Understand the Zero Trust model: never trust, always

💡 Assessment Tip

Passkeys eliminate the two biggest authentication attack vectors: credential stuffing (no reusable passwords) and phishing (domain‐bound keys). When comparing authentication methods, passkeys offer the strongest protection against both server‐side br

← Chapter 22 All Chapters Chapter 24 →