Security architecture refers to the structured design of security controls, policies, and technologies that protect an organization's systems and data. The SY0-701 exam tests several foundational architectural concepts.
Key Architectural Models
- Zero Trust: Assumes no user, device, or network segment is inherently trusted. Every access request must be verified, regardless of location. Core principles include verify explicitly, use least privilege, and assume breach.
- Defense in Depth: Layers multiple security controls so that if one fails, others remain in place. Examples include combining firewalls, intrusion detection, endpoint protection, and access controls.
- Secure by Design: Security is built into systems from the start rather than added afterward. This includes threat modeling during development and applying secure coding practices.
Infrastructure Considerations
- On-premises vs. Cloud vs. Hybrid: Each deployment model has different shared responsibility implications. In cloud environments, the cloud provider manages physical security; the customer is responsible for data and access controls.
- Microservices and Serverless: These architectures distribute functionality across small, independent components, which increases the attack surface and requires careful API security and access control.
- Network Segmentation: Dividing a network into zones (e.g., DMZ, internal, guest) limits lateral movement if a breach occurs. VLANs and firewalls are common segmentation tools.
- Software-Defined Networking (SDN): Separates the control plane from the data plane, allowing centralized network management but also introducing new attack vectors on the controller.
Design Principles
- Least Privilege: Users and systems are granted only the minimum access needed to perform their function.
- Separation of Duties: Critical tasks are divided among multiple individuals to reduce insider threat risk.
- Fail Secure / Fail Safe: When a system fails, it should default to a secure state (e.g., a firewall blocking all traffic on failure).
- Resilience and Redundancy: Architectures should include high availability (HA), load balancing, and geographic redundancy to maintain operations during disruptions.
On the exam, expect scenario-based questions asking you to select the most appropriate architectural control or identify weaknesses in a described architecture. Focus on understanding why each principle exists, not just its definition.