CH 14 - Security Architecture & Design Flashcards
Which of the security triad properties does the Biba security model relate to?
A. Confidentiality
B. Integrity
C. Availability
D. All of them
B.
Integrity (Biba is the integrity counterpart of Bell–LaPadula: no read down, no write up)
How many tiers are there in an n‐tier application design?
A. Two
B. Three
C. Four
D. Depends on the application
D.
Depends on the application
What type of database may JSON be most likely to represent?
A. Relational
B. SQL
C. Key‐value
D. Document‐based
C.
Key‐value (a JSON object is a collection of key‐value pairs; note that document‐based stores such as MongoDB persist JSON‐style documents, so the two answers overlap in practice)
How many functions are specified by NIST’s cybersecurity framework?
A. None
B. Three
C. Five
D. Four
C.
Five: Identify, Protect, Detect, Respond, Recover (CSF 1.1; CSF 2.0, published in 2024, adds Govern as a sixth)
How many steps are there in the ISO 27001 cycle?
A. Two
B. Three
C. Four
D. Five
C.
Four
What is the highest level of classification used by the U.S. government?
A. Top secret
B. Confidential
C. Restricted
D. Eyes only
A.
Top secret
Which of these is microservices a specific implementation of?
A. Service object architecture
B. Micro Channel architecture
C. Microservices architecture
D. Service‐oriented architecture
D.
Service‐oriented architecture
What is an application referred to if it is only using AWS Lambda functions?
A. Service‐oriented
B. Virtualized
C. Serverless
D. Infrastructure as a service
C.
Serverless
What does the Clark–Wilson model use to refer to objects?
A. UTI and CDI
B. CDI and CTI
C. UDI and CDI
D. UTI and UDI
C.
UDI and CDI (unconstrained and constrained data items; only well‐formed transformation procedures may modify a CDI)
What type of application virtualization would you use without going all the way to using a hypervisor?
A. Emulation
B. AWS
C. Paravirtualization
D. Containers
D.
Containers
What is the first function specified by NIST in its Cybersecurity Framework?
A. Identify
B. Protect
C. Risk management
D. Defend
A.
Identify
What is a common middle tier in an n‐tier application design?
A. Web server
B. Database server
C. Logic server
D. Application server
D.
Application server
What is a common open source relational database server that may be used in web applications?
A. MongoDB
B. MySQL
C. SQL
D. Oracle
B.
MySQL
Which of the following is true about the Bell–LaPadula Simple Security Property?
A. A subject cannot write up to an object.
B. A subject cannot write down to an object.
C. A subject cannot read up to an object.
D. A subject cannot read down to an object.
C.
A subject cannot read up to an object (no read up; the companion *‐property forbids writing down).
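The Biba and Bell–LaPadula cards above describe the same kind of check from opposite directions. The following is an added example, not part of the flashcard deck or its source textbook: a minimal reference monitor that evaluates both models over one linear lattice of labels. The label names, subjects and objects are constructed sample data, and the same lattice is reused as integrity levels for the Biba checks purely for illustration.

```python
# Added example (not from the flashcard deck): a minimal reference monitor that
# enforces Bell-LaPadula (confidentiality) and Biba (integrity) on a linear
# lattice of labels. Labels, subjects and objects below are constructed data.
from dataclasses import dataclass

# Ordered from lowest to highest; the index gives the dominance relation.
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Labelled:
    name: str
    level: str  # must be one of LEVELS

    def rank(self) -> int:
        return RANK[self.level]


def blp_can_read(subject: Labelled, obj: Labelled) -> bool:
    """Simple Security Property: no read up.
    A subject may read an object only if its clearance dominates the object."""
    return subject.rank() >= obj.rank()


def blp_can_write(subject: Labelled, obj: Labelled) -> bool:
    """*-Property: no write down.
    A subject may write an object only if the object dominates the subject,
    so classified data cannot leak into a lower-classified container."""
    return subject.rank() <= obj.rank()


def biba_can_read(subject: Labelled, obj: Labelled) -> bool:
    """Simple Integrity Property: no read down.
    A subject may read only objects at or above its own integrity level,
    so low-integrity input cannot contaminate a high-integrity process."""
    return obj.rank() >= subject.rank()


def biba_can_write(subject: Labelled, obj: Labelled) -> bool:
    """*-Integrity Property: no write up.
    A subject may write only objects at or below its own integrity level."""
    return obj.rank() <= subject.rank()


def check(model: str, op: str, subject: Labelled, obj: Labelled) -> bool:
    """Dispatch one access request; a read-write access must pass both checks."""
    table = {
        ("blp", "read"): blp_can_read, ("blp", "write"): blp_can_write,
        ("biba", "read"): biba_can_read, ("biba", "write"): biba_can_write,
    }
    if op == "readwrite":
        return table[(model, "read")](subject, obj) and table[(model, "write")](subject, obj)
    return table[(model, op)](subject, obj)


def demo() -> dict:
    """Constructed scenario: a Secret-cleared user against two objects."""
    alice = Labelled("alice", "Secret")
    ts_doc = Labelled("plans.docx", "Top Secret")
    public_wiki = Labelled("wiki", "Unclassified")
    return {
        "blp_read_ts": check("blp", "read", alice, ts_doc),            # denied: read up
        "blp_write_wiki": check("blp", "write", alice, public_wiki),   # denied: write down
        "blp_write_ts": check("blp", "write", alice, ts_doc),          # allowed: write up
        "biba_read_wiki": check("biba", "read", alice, public_wiki),   # denied: read down
        "biba_write_wiki": check("biba", "write", alice, public_wiki), # allowed: write down
        "blp_readwrite_ts": check("blp", "readwrite", alice, ts_doc),  # denied: needs equal levels
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

Note that under Bell–LaPadula a read-write handle is only legal when subject and object sit at the same level, which is why the `readwrite` case in `check` conjoins both properties; real systems add a discretionary check on top of this mandatory one.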
What are the phases of the ISO 27001 cycle?
A. Plan, Identify, Act, Detect
B. Plan, Detect, Act, Do
C. Act, Do, Identify, Play
D. Plan, Do, Check, Act
D.
Plan, Do, Check, Act
What is an essential element of a zero‐trust architecture?
A. Cloud‐based applications
B. Multifactor authentication
C. Virtual private networks
D. Virtual desktop interfaces
B.
Multifactor authentication
What type of processing does serverless computing typically use?
A. Parallel
B. Procedural
C. Event‐driven
D. Functional
C.
Event‐driven
Which of these would be the best approach to implementing multifactor authentication in a zero‐trust model?
A. SMS
B. Push‐based approval
C. Username / password
D. OTP
D.
OTP (app‐generated, time‐based codes; SMS codes can be intercepted or SIM‐swapped, and push approval is exposed to prompt‐bombing)
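To show what the OTP answer above actually relies on, here is an added example, not code from the flashcard deck or its source textbook: the HOTP algorithm of RFC 4226 and the TOTP construction of RFC 6238 that authenticator apps implement, plus a verifier that tolerates one step of clock drift, refuses replay of an already-spent code, and compares in constant time. The 20-byte ASCII key is the published RFC 6238 SHA-1 test key; the `last_used` bookkeeping is this example's own design, not something the RFCs prescribe.

```python
# Added example (not from the flashcard deck): RFC 4226 HOTP / RFC 6238 TOTP,
# the algorithm behind authenticator-app one-time passwords, with a verifier
# that handles clock drift, replay of a spent code, and timing leaks.
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C) = Truncate(HMAC-SHA1(K, C)) mod 10^digits (RFC 4226)."""
    msg = struct.pack(">Q", counter)                 # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP = HOTP(K, floor(T / step)) (RFC 6238)."""
    return hotp(secret, for_time // step, digits)


def verify_totp(secret: bytes, code: str, now: int, last_used: int = -1,
                step: int = 30, digits: int = 6, window: int = 1):
    """Return the matched time-step counter, or None if the code is rejected.

    - Accepts the current step and +/- `window` adjacent steps (clock drift).
    - Rejects any counter at or below `last_used`, so a code the server has
      already accepted cannot be replayed inside the drift window.
    - Uses hmac.compare_digest so the comparison does not leak which
      candidate matched through timing.
    Every candidate is computed even after a match, keeping work constant.
    """
    base = now // step
    matched = None
    for delta in range(-window, window + 1):
        counter = base + delta
        if hmac.compare_digest(hotp(secret, counter, digits), code) and counter > last_used:
            matched = counter
    return matched


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 SHA-1 test key (ASCII bytes)
    print(totp(secret, 59, digits=8))  # RFC 6238 Appendix B vector for T=59
    now = int(time.time())
    code = totp(secret, now)
    accepted = verify_totp(secret, code, now)
    print("accepted counter:", accepted)
    # A second presentation of the same code must be refused once last_used is stored.
    print("replay:", verify_totp(secret, code, now, last_used=accepted))
```

The verifier returns the counter rather than a bare boolean so the caller can persist it as `last_used` for the next attempt; without that state, any code remains valid for the whole drift window, which is the gap a phishing relay exploits.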
What is the Cyber Kill Chain used for?
A. Identifying attackers
B. Defining monitoring actions
C. Describing an attack process
D. Developing command and control systems
C.
Describing an attack process
What software may be helpful in keeping workstations protected in a zero‐trust design if they are not directly on the enterprise network?
A. Syslog
B. EDR
C. SAP
D. SCCM
B.
EDR (endpoint detection and response)