2.1 Architecture and Design - Enterprise Environment

Data Loss Prevention is a strategy or set of tools and processes designed to prevent unauthorized access, sharing, or leakage of sensitive and confidential information. (2.1)

Data Masking transforms sensitive information for testing while maintaining structure. It allows realistic datasets without exposing actual customer data.

• Data Encryption: Encrypts but doesn't transform data, maintaining sensitivity.

• Data Archiving: Focuses on storage, not suitable for creating realistic test datasets.

• Data clustering: A technique used for grouping similar data points based on certain criteria. (2.1)

• Data encryption is designed to secure information during transmission, converting it into a coded format that can only be deciphered by authorized parties.

• Data Obfuscation: Obfuscation involves making data unclear, but it may not provide the robust protection needed during transmission.

• Data Compression: Compression reduces file size but doesn't focus on securing data during transmission.

• Data Masking: Masking is more relevant for creating non-production datasets than securing data during transmission. (2.1)

Data at rest refers to information that is stored or archived on a storage device and is not actively being used, processed, or transmitted. This data is in a static state, residing on physical or digital storage media such as hard drives, solid-state drives, databases, tapes, or any other form of persistent storage. (2.1)

Data Tokenization involves replacing sensitive data with unique tokens, maintaining referential integrity for transactional purposes. It ensures that the original data is not exposed, providing a secure way to handle sensitive information like credit card numbers.

• Data Masking: Masks data for non-production purposes but may not be suitable for maintaining referential integrity in transactional systems.

• Data Encryption: Secures data through coded formats but does not typically maintain referential integrity for transactional processes.

• Data Obfuscation: Involves making data unclear but may not provide the structured replacement needed for transactional integrity.

Baseline configuration refers to the standard, securely configured state of a system. Restoring the system to its baseline helps troubleshoot issues and ensures a known, secure starting point.

• System Snapshot: A snapshot captures the current state but doesn't necessarily represent the securely configured baseline.

• System Redundancy: Redundancy is about having backup components, not restoring to a specific configuration state.

• System Virtualization: Virtualization involves creating virtual instances but doesn't inherently mean restoring to a securely configured baseline.

Internet Protocol Schema refers to the organized plan or framework specifying the rules and conventions for communication over the internet. It encompasses the protocols governing data transmission.

• Network Routing Table: A routing table is a dynamic document showing the path data takes through a network, but it doesn't capture the overall schema of internet communication.

• Internet Protocol Addressing: Addressing focuses on the assignment of unique identifiers to devices but doesn't encompass the entire structured plan for internet communication.

• Network Firewall Configuration: Firewall configuration involves setting rules for network security but doesn't represent the overall schema of internet communication protocols.

A DNS sinkhole is a technique used to redirect traffic from known malicious domains by manipulating the DNS resolution process. It is an effective method for preventing systems within the network from connecting to harmful sites.

• Firewall Configuration: While firewalls provide security by controlling incoming and outgoing network traffic, they may not be as focused on DNS-level redirection of malicious domains.

• Intrusion Detection System (IDS): IDS is designed to detect and alert on potential security threats but may not directly block or redirect traffic away from malicious domains.

• VPN Implementation: Virtual Private Networks (VPNs) are used for secure communication, but they are not specifically designed for blocking or redirecting traffic based on known malicious domains.