Security Architecture
Designing secure systems. Four objectives covering architecture models, infrastructure hardening, data protection strategies, and resilience/recovery planning.
Architecture models: cloud IaaS (Infrastructure as a Service: provider manages hardware, you manage OS and up), PaaS (Platform as a Service: provider manages through runtime, you manage apps) and SaaS (Software as a Service: provider manages everything, you configure), on-prem, hybrid, edge, containers, serverless, ICS (Industrial Control System: systems managing physical industrial processes) and SCADA (Supervisory Control and Data Acquisition: industrial control system for remote monitoring).
Infrastructure hardening: device placement, firewalls, IDS (Intrusion Detection System: monitors and alerts on suspicious activity; passive) and IPS (Intrusion Prevention System: detects and blocks suspicious activity; inline), 802.1X, VPN (Virtual Private Network: encrypted tunnel over public networks), SD-WAN (Software-Defined Wide Area Network: centrally managed WAN with dynamic routing), SASE (Secure Access Service Edge: combines SD-WAN with cloud-delivered security).
Data protection strategies: classification, encryption at rest/transit/use, tokenization, DLP (Data Loss Prevention: prevents unauthorized data exfiltration), rights management, data lifecycle.
Resilience/recovery planning: HA (High Availability: architecture minimizing downtime), RAID (Redundant Array of Independent Disks: storage redundancy through multiple disks), backup strategies, recovery sites, RTO (Recovery Time Objective: maximum acceptable downtime) and RPO (Recovery Point Objective: maximum acceptable data loss, in time).
Objective 3.2 (“Given a scenario, apply security principles to secure enterprise infrastructure”) is the PBQ target: device placement in security zones, firewall rule configuration, 802.1X authentication, IDS/IPS deployment decisions. Understanding how interception works offensively makes your defensive architecture decisions sharper.