Architecture and Design

Question 1

What architecture is designed to protect against distributed denial-of-service (DDoS) attacks by routing traffic through a filtering service to scrub malicious traffic before it reaches the target network?

A) DMZ (demilitarized zone)
B) proxy server
C) intrusion detection system (IDS)
D) reverse proxy

Answer 1

Reverse proxy

A reverse proxy architecture routes incoming traffic through a filtering service to scrub malicious traffic before it reaches the target network, providing protection against DDoS attacks.

Question 2

In the context of architecture and design, which principle advocates the use of multiple security layers to protect against a variety of threats and vulnerabilities?

A) single sign-on
B) least privilege
C) defense in depth
D) role-based access control

Answer 2

Defense in depth

The principle of defense in depth involves implementing multiple security layers, each providing a unique line of defense, to protect against a wide range of threats and vulnerabilities.

Question 3

What architectural principle suggests that an organization should employ multiple, diverse security solutions rather than relying on a single security measure to protect against threats?

A) security through obscurity
B) vendor diversity
C) vendor reliance
D) security by design

Answer 3

Vendor Diversity

Vendor diversity suggests that an organization should use security solutions from different vendors to reduce reliance on a single vendor and enhance security resilience.

Question 4

What architectural component is responsible for maintaining a list of authorized devices on a network and ensuring that only authorized devices can access network resources?

A) firewall
B) intrusion detection system (IDS)
C) network access control (NAC)
D) router

Answer 4

Network access control (NAC)

is responsible for maintaining a list of authorized devices and enforcing network access policies to ensure only authorized devices can access network resources.

Question 5

In the context of network architecture, what is the purpose of a demilitarized zone (DMZ)?

A) to host sensitive data and internal applications
B) to isolate internal networks from external networks
C) to provide a buffer zone between the internet and an internal network
D) to secure the network perimeter through strong encryption

Answer 5

To provide buffer zone between the internet and an internal network

A DMZ is a network segment that acts as a buffer zone between the internet and an internal network, hosting resources that need to be accessible from the internet while keeping the internal network protected.

Question 6

Which architectural component plays a critical role in enforcing security policies by examining and filtering network traffic based on predefined rules and policies?

A) intrusion detection system (IDS)
B) router
C) proxy server
D) firewall

Answer 6

Firewall

A firewall is an architectural component responsible for examining and filtering network traffic based on predefined rules and policies to enforce security.

Question 7

What component is responsible for directing traffic between different network segments and enforcing access controls based on network policies?

A) intrusion detection system (IDS)
B) network access control (NAC)
C) router
D) proxy server

Answer 7

Router

Routers are responsible for directing traffic between different network segments and enforcing access controls based on network policies.

Question 8

An organization is designing a system that will allow users to access multiple applications and resources using a single set of credentials. Which architectural concept is being implemented in this scenario?

A) single sign-on (SSO)
B) role-based access control (RBAC)
C) least privilege
D) security by design

Answer 8

Single sign-on

Single sign-on (SSO) is an architectural concept that allows users to access multiple applications and resources with a single set of credentials.

Question 9

In a cloud-based architecture, what security principle ensures that data remains confidential and protected even if it is stored in a shared, multi-tenant environment?

A) data isolation
B) data integrity
C) least privilege
D) security by design

Answer 9

Data isolation

Data isolation is a security principle in a shared, multi-tenant cloud environment that ensures data from one tenant is kept separate and inaccessible to other tenants, maintaining data confidentiality.

Question 10

An organization is designing its network architecture with the goal of ensuring that critical systems are protected and available even during a cyberattack. Which architectural principle is the organization primarily focused on?

A) availability
B) authentication
C) authorization
D) accountability

Answer 10

Availability

Ensuring that critical systems are protected and available even during a cyberattack is primarily a focus on the architectural principle of availability.

Question 11

In a cloud-based infrastructure, which architectural component is responsible for scaling resources automatically based on demand and optimizing costs by only using resources when necessary?

A) load balancer
B) virtual private network (VPN)
C) elastic load balancing (ELB)
D) autoscaler

Answer 11

Autoscaler

Autoscaler is a cloud architecture component that scales resources automatically based on demand, optimizing costs by using resources only when needed.

Question 12

What architectural design principle emphasizes designing and implementing security measures as an integral part of a system or application rather than as an afterthought?

A) VPN gateway
B) firewall
C) load balancer
D) proxy server

Answer 12

VPN gateway

A VPN gateway allows external users to securely access internal resources while hiding the internal network structure from external view.

Question 13

An organization is implementing a network architecture that requires users to provide multiple authentication factors to access sensitive systems. Which architectural principle does this represent?

A) least privilege
B) authentication
C) authorization
D) multifactor authentication

Answer 13

Multi-factor authentication

Requiring users to provide multiple authentication factors is a security architecture principle known as multifactor authentication (MFA).

Question 14

An organization is planning to implement a secure architecture that minimizes the attack surface and allows only necessary services and ports to be accessible. Which architectural principle does this strategy align with?

A) network segmentation
B) least privilege
C) service-oriented architecture (SOA)
D) principle of least common mechanism

Answer 14

Principle of least common mechanism

The principle of least common mechanism emphasizes minimizing the attack surface by providing only the necessary services and ports, reducing potential vulnerabilities.

Question 15

An organization is designing a network architecture that incorporates redundancy to ensure high availability. Which is the primarily responsible for providing redundancy?

A) intrusion detection system (IDS)
B) load balancer
C) failover cluster
D) proxy server

Answer 15

Failover cluster

A failover cluster is a component responsible for providing redundancy and high availability in a network architecture by allowing for seamless service migration in the event of a failure.

Question 16

An organization is planning to implement a network architecture that uses encryption to protect data in transit. Which architectural principle does this align with?

A) data isolation
B) data integrity
C) data classification
D) data confidentiality

Answer 16

Data Confidentiality

Using encryption to protect data in transit is aligned with the architectural principle of data confidentiality, which ensures that data is kept confidential and protected from unauthorized access during transmission.

Question 17

A large healthcare organization is planning to implement a new network architecture to ensure the security and privacy of patient records. Which architectural component is crucial for this scenario, providing secure and audited access to patient data for authorized healthcare professionals while protecting against unauthorized access?

A) single sign-on (SSO)
B) role-based access control (RBAC)
C) intrusion prevention system (IPS)
D) data encryption

Answer 17

Role-based access control (RBAC)

In a healthcare organization, RBAC is crucial for ensuring secure and audited access to patient data by assigning permissions based on user roles, allowing authorized healthcare professionals access while protecting against unauthorized access.

Question 18

A financial institution is designing its network architecture to ensure that customer data is securely transmitted and stored. The design must address encryption for data in transit and at rest, robust authentication, and access control. Which architectural component is essential for this scenario?

A) intrusion prevention system (IPS)
B) firewall
C) data encryption
D)network segmentation

Answer 18

Data encryption

Data encryption is essential for ensuring the secure transmission and storage of customer data, addressing the requirements for encryption for data in transit and at rest, and providing confidentiality and data protection.

Question 19

An e-commerce company is planning to implement a highly available architecture for its online store. The design should ensure minimal downtime, even during system maintenance and updates. What architectural component is crucial for this scenario?

A) load balancer
B) disaster recovery plan
C) intrusion prevention system (IPS)
D) single sign-on

Answer 19

Load balancer

In this scenario, a load balancer is crucial for ensuring high availability by distributing incoming traffic across multiple servers and reducing downtime during maintenance and updates.

Question 20

What is a characteristic of cloud computing that enables users to access computing resources on-demand and from anywhere with an internet connection?

A) network segmentation
B) scalability
C) geofencing
D) redundancy

Answer 20

Scalability

Scalability is a characteristic of cloud computing that enables users to access computing resources on-demand and from anywhere with an internet connection, allowing for the easy expansion or reduction of resources as needed.

Question 21

In a virtualized environment, what is the term for the software or firmware that manages the hardware and creates virtual machines (VMs)?

A) hypervisor
B) router
C) switch
D) firewall

Answer 21

Hypervisor

A hypervisor is the software or firmware that manages the hardware and creates virtual machines (VMs) in a virtualized environment.

Question 22

What is a key benefit of cloud computing in disaster recovery planning?

A) increased physical hardware requirements
B) reduced data backup and redundancy
C) cost-effective and scalable offsite storage
D) decreased reliance on encryption and authentication

Answer 22

Cost-effective and scalable offsite storage

Question 23

In the context of application development and deployment, what is the primary purpose of DevOps?

A) ensuring data confidentiality and integrity
B) automating the software development and deployment process
C) implementing access control and identity management
D) monitoring network traffic for anomalies

Answer 23

Automating the software development and deployment process

The primary purpose of DevOps in application development and deployment is to automate and streamline the software development and deployment process, enabling faster and more reliable releases.

Question 24

Which software development methodology places a strong emphasis on customer collaboration, responding to change, and delivering working software frequently and iteratively?

A) agile
B)waterfall
C) scrum
D) six sigma

Answer 24

Agile

The Agile methodology places a strong emphasis on customer collaboration, responding to change, and delivering working software frequently and iteratively.

Question 25

What is the primary purpose of a RADIUS (Remote Authentication Dial-In User Service) server?

A) ensuring data confidentiality and integrity
B) centralizing user authentication and authorization
C) protecting against malware and viruses
D) monitoring network traffic for anomalies

Answer 25

Centralizing user authentication and authorization

The primary purpose of a RADIUS server is to centralize user authentication and authorization, providing a single point for managing access to network resources.

Question 26

Which of the following is a commonly used mechanism for multi-factor authentication (MFA) in network design?

A) username and password
B) biometric authentication
C) single sign-on (SSO)
D) MAC address filtering

Answer 26

Biometric authentication

Biometric authentication, such as fingerprint or facial recognition, is a commonly used mechanism for one of the factors in multi-factor authentication (MFA).

Question 27

In a large healthcare organization, there is a need to ensure that only authorized personnel have access to patients’ electronic health records (EHR). What type of authentication and authorization mechanism would be most suitable for this scenario, considering the sensitivity of patient data?

A) single-factor authentication using username and password
B) multi-factor authentication (MFA) requiring a password and fingerprint scan
C) using open access for better collaboration among staff
D) implementing MAC address filtering for all devices

Answer 27

Multi-factor authentication (MFA) requiring a password and fingerprint scan

Given the sensitivity of patient EHR data, a robust authentication method like MFA with both a password and biometric authentication (fingerprint scan) would be most suitable to ensure only authorized personnel have access.

Question 28

A financial institution has implemented a role-based access control (RBAC) system for its employees. Employees in different roles have varying levels of access to financial data and transactions. What is the primary benefit of this RBAC system?

A) simplifying user authentication
B) enhancing data encryption
C) restricting user access based on job responsibilities
D) accelerating network performance

Answer 28

Restricting user access based on job responsibilities

The primary benefit of the RBAC system in this financial institution is that it restricts user access based on job responsibilities, providing granular control over who can access sensitive financial data.

Question 29

A university wants to provide secure access to its Wi-Fi network for students and staff. They also want to track user activities and restrict unauthorized devices. Which authentication and authorization technology is most appropriate for achieving these goals?

A) using an open network for ease of access
B) implementing WPA3 for Wi-Fi encryption
C) leveraging a RADIUS server for user authentication and MAC address filtering for device control
D) enforcing strong password policies

Answer 29

Leveraging a RADIUS server for user authentication and MAC address filtering for device control

To achieve secure access, user tracking, and device restriction, a combination of RADIUS server for user authentication and MAC address filtering for device control would be most appropriate.

Question 30

A small startup company is designing its network infrastructure. They want to minimize costs and simplify network management while ensuring security. Which network architecture is a cost-effective and simple solution for this startup?

A) a complex hierarchical network architecture
B) a peer-to-peer network architecture
C) a cloud-based network architecture
D) a star network architecture

Answer 30

A cloud-based network architecture

For a small startup looking to minimize costs and simplify network management, a cloud-based network architecture is a cost-effective and simple solution. Cloud services offer scalability, reduced hardware costs, and centralized management.

Question 31

Which cryptographic concept involves the use of two keys, one for encryption and another for decryption?

A) digital signature
B) symmetric encryption
C) asymmetric encryption
D) hash functions

Answer 31

Asymmetric encryption

Asymmetric encryption involves the use of two keys, a public key for encryption and a private key for decryption, ensuring secure communication and data protection.

Question 32

An online banking platform wants to secure user logins and transactions. What cryptographic concept is typically used to provide secure authentication and data confidentiality

A) hash function
B) digital certificates
C) multi-factor authentication (MFA)
D) transport layer security (TLS)

Answer 32

Transport layer security (TLS)

In the context of securing online banking platforms, Transport Layer Security (TLS) is typically used to provide secure authentication and data confidentiality for user logins and transactions.

Question 33

A government agency needs to securely transmit classified documents over a public network. What cryptographic concept is best suited?

A) virtual private network (VPN)
B) public key infrastructure (PKI)
C) symmetric encryption
D) blockchain technology

Answer 33

Virtual private network (VPN)

Virtual Private Network (VPN) is an appropriate cryptographic concept to create an encrypted and private communication channel.

Question 34

Why is it important to implement surveillance cameras and access logs in a facility’s entry and exit points?

A) to track employees attendance
B) to deter unauthorized access and monitor security breaches
C) to improve network performance
D) to enhance document security

Answer 34

To deter unauthorized access and monitor security breaches

Implementing surveillance cameras and access logs in entry and exit points is important to deter unauthorized access and monitor security breaches, enhancing physical security.

Question 35

What is the primary purpose of a disaster recovery plan (DRP) in an organization’s architecture and design strategy?

A) to prevent all disasters from occurring
B) to ensure the continuous availability of critical systems and data after a disaster
C) to boost network performance
D) to replace damaged equipment with new technology

Answer 35

To ensure the continuous availability of critical systems and data after a disaster

Question 36

In a corporate network, why is it essential to segment the network into different virtual LANs (VLANs)?

A) to increase energy efficiency
B) to simplify network management
C) to improve network performance
D) to enhance security and isolate traffic

Answer 36

To enhance security and isolate traffic

Segmenting the network into different virtual LANs (VLANs) is essential to enhance security and isolate traffic, reducing the risk of unauthorized access and attacks.

Question 37

What is the primary purpose of maintaining visitor logs for a corporate facility?

A) to promote employee collaboration
B) to enhance network aesthetics
C) to track and audit the entry and exit of visitors for security and compliance purposes
D) to centralize data storage

Answer 37

To track and audit the entry and exit of visitors for security and compliance purposes

Maintaining visitor logs for a corporate facility primarily serves the purpose of tracking and auditing the entry and exit of visitors for security and compliance reasons.

Question 38

Which backup method involves a complete backup of all selected files and folders each time it is performed?

A) incremental backup
B) full backup
C) differential backup
D) synthetic backup

Answer 38

Full backup

A full backup involves a complete backup of all selected files and folders every time it is performed.

Question 39

An online banking service sends a one-time passcode to a user’s registered mobile phone number after entering their password to complete a transaction. Which MFA factor does this scenario represent?

A) something you know
B) something you have
C) something you are
D) something you do

Answer 39

Something you have

In this scenario, receiving a one-time passcode on a registered mobile phone represents the “something you have” factor in MFA.

Question 40

A company allows access to sensitive areas based on an employee’s fingerprint scan in addition to a security badge. What MFA factor is primarily utilized in this scenario?

A) something you know
B) something you have
C) something you are
D) something you do

Answer 40

Something you are

Using an employee’s fingerprint scan in addition to a security badge for access control primarily involves the “something you are” factor in MFA.

Question 41

Which type of redundancy involves mirroring data across multiple hard drives to ensure data availability in case of drive failure?

A) load balancing
B) RAID (redundant array of independent disks)
C) failover clustering
D) network segmentation

Answer 41

RAID (redundant array of independent disks)

RAID (Redundant Array of Independent Disks) involves mirroring data across multiple hard drives to ensure data availability in case of drive failure.

Question 42

In a secure online transaction, a user verifies the authenticity of a digital document shared by a sender, ensuring the document hasn’t been altered in transit. Which cryptographic concept best describes this scenario?

A) symmetric encryption
B) digital signatures
C) hashing algorithms
D) key exchange

Answer 42

Digital signatures

The scenario involves the use of digital signatures to ensure the authenticity and integrity of the shared digital document.

Question 43

An organization securely shares encrypted data with a third-party vendor, requiring both parties to generate and exchange their public keys before communication. Which cryptographic concept does this scenario illustrate?

A) digital signatures
B) hashing algorithms
C) asymmetric encryption
D) symmetric encryption

Answer 43

Asymmetric encryption

The scenario involves the use of asymmetric encryption for secure data exchange with the necessity of generating and exchanging public keys before communication.

Question 44

In the event of a successful phishing attack that compromises employee credentials, what cybersecurity resilience measure could a company have in place to limit the damage caused by compromised credentials?

A) multi-factor authentication (MFA)
B) encrypting all sensitive data
C) regular employee cybersecurity training
D) deploying intrusion prevention systems

Answer 44

Multi-factor authentication (MFA)

Implementing multi-factor authentication (MFA) could limit the damage caused by compromised credentials as it requires an additional form of verification beyond passwords.

Question 45

After discovering vulnerabilities in critical software, what resilience measure could an organization take to address these vulnerabilities?

A) deploying an intrusion detection system
B) implementing patch management procedures
C) conducting regular security risk assessments
D) establishing network segmentation

Answer 45

Implementing patch management procedures

Implementing patch management procedures is a key resilience measure to address vulnerabilities by applying updates and fixes to critical software.

Question 46

What security principle does the use of encryption for sensitive data storage adhere to in secure application development?

A) confidentiality
B) availability
C) integrity
D) authentication

Answer 46

Confidentiality

The use of encryption for sensitive data storage in secure application development primarily aligns with the principle of confidentiality.

Question 47

In a web application, an attacker successfully exploits a vulnerability, injecting malicious code into a form field, leading to unauthorized access to sensitive customer information. What secure application development practice could have prevented this scenario?

A) implementing input validation and sanitization
B) regularly updating server hardware
C) enhancing user authentication protocols
D) employing content caching for faster page loads

Answer 47

Implementing input validation and sanitization

Implementing input validation and sanitization could have prevented the injection of malicious code by validating and cleansing user input.

Question 48

What technique involves intentionally presenting false information or systems to attackers to divert their attention from genuine assets?

A) honeypots
B) encrypted tunnels
C) intrusion detection systems
D) multi-factor authentication

Answer 48

Honeypots

Honeypots involve presenting false systems or data to divert attackers’ attention from genuine assets.

Question 49

Which RAID level offers disk mirroring, providing data redundancy by duplicating all data on a separate drive?

A) RAID 0
B) RAID 1
C) RAID 5
D) RAID 10

Answer 49

RAID 1

RAID 1 offers disk mirroring, providing data redundancy by duplicating all data on a separate drive. This redundancy ensures that if one drive fails, the data remains intact on the mirrored drive.

Question 50

Where encrypted traffic is monitored for potential threats. How does SSL/TLS inspection aid in identifying and preventing security risks in this context?

A) it instantly encrypts data for secure transactions
B) it verifies the authenticity of the banking server
C) it inspects and controls encrypted traffic for potential threats
D) it prioritizes faster communication between different banking systems

Answer 50

It inspects and controls encrypted traffic for potential threats

SSL/TLS inspection aids in identifying and preventing security risks by inspecting and controlling encrypted traffic for potential threats, ensuring secure communication.