Domain 3 Security Architecture

Question 1

An organization leverages both on-premises data centers and cloud services to host its applications and data. What security considerations are typically associated with a hybrid architecture?

Answer 1

Integration of on-premises and cloud security controls is crucial.

Question 2

When engaging third-party vendors for security services or products, what should be a primary concern to ensure the security of an organization’s information assets?

Answer 2

The security practices and measures implemented by the vendor.

Question 3

A company that has adopted a microservices architecture, what security challenge might arise during the development and deployment of new features?

Answer 3

Rapid development cycles leading to potential oversight of security best practices

Question 4

When designing a security architecture with a high emphasis on availability, what is a key consideration regarding system redundancy?

Answer 4

Implementing redundant systems in geographically diverse locations

Question 5

An organization decides to purchase cyber insurance to transfer the financial risk associated with a potential data breach, what risk management strategy is being employed?

Answer 5

Risk transference

Question 6

What is a primary security advantage of adopting an on-premises infrastructure?

Answer 6

Enhanced control over the physical security of the infrastructure

Question 7

When comparing centralized and decentralized security architectures, what is a potential drawback of a centralized model?

Answer 7

Increased susceptibility to a single point of failure.

Question 8

When implementing the principle of security through obscurity, what practice should be avoided?

Answer 8

Using default configurations for critical systems

Question 9

In a healthcare organization, there is a need to safeguard patient records and comply with privacy regulations. What type of data is the organization primarily concerned with protecting?

Answer 9

Regulated data

Question 10

In a financial institution, customer account details and transaction records need protection due to regulatory requirements. What data classification level would likely be assigned to this type of information?

Answer 10

Confidential

Question 10

In a government agency, there is a need to handle information related to national security. What data classification level would likely be assigned to this type of sensitive information?

Answer 10

Top Secret

Question 11

In a corporate environment, the employee handbook and internal policies need to be shared with all employees. What data classification level would likely be assigned to these documents?

Answer 11

Public

Question 12

A multinational corporation is expanding its operations to comply with data sovereignty requirements in various countries. What does the company need to consider when addressing data sovereignty concerns?

Answer 12

Ensuring the physical location of data centers complies with local regulations

Question 13

Which encryption method uses the same key for both encryption and decryption processes and is commonly used for securing communication channels?

Answer 13

Symmetric encryption

Question 14

An organization uses a cloud-based collaboration platform for employees to work on projects. What security measure should be emphasized to protect data in use on this platform?

Answer 14

Using role-based access controls within the platform

Question 15

A cyber-security professional is implementing a password storage system that should securely store user passwords. What cryptographic technique is suitable for this purpose to protect against unauthorized access to the actual passwords?

Answer 15

Hashing

Question 16

A company is implementing data masking to protect personally identifiable information (PII) in a non-production environment. What is the primary purpose of data masking in this scenario?

Answer 16

Protecting data confidentiality

Question 17

A database administrator is concerned about protecting passwords stored in a database from unauthorized access. In addition to hashing, what additional technique should be implemented to enhance security?

Answer 17

Salting

Question 18

What is the primary goal of a security token in a multi-factor authentication (MFA) system?

Answer 18

To provide a second factor of authentication

Question 19

You are a developer working on a web application that processes user input and stores it in a database. How do you ensure that the application is protected against SQL injection attacks?

Answer 19

Use parameterized queries or prepared statements.

Question 20

A developer is working on a web application that handles sensitive user data. The application uses user authentication and the development team is discussing best practice to protect against brute force attacks on user accounts. What is the recommended practice in this situation?

Answer 20

Implement account lockout after a certain number of failed login attempts.

Question 21

In a corporate network, why might a Jump Server be implemented in the DMZ?

Answer 21

To facilitate secure remote administration of internal servers

Question 22

How does a proxy server contribute to protecting internal networks from external threats?

Answer 22

By acting as a barrier between internal and external networks

Question 23

How does Secure Access Service Edge (SASE) address the challenges of traditional network architectures for remote users?

Answer 23

By integrating security services into the cloud

Question 24

Which of the following is a key benefit of implementing Secure Access Service Edge (SASE) for organizations with a distributed workforce?

Answer 24

Enhanced visibility and control over network traffic

Question 25

What is a key advantage of using Software-Defined Wide Area Network (SD-WAN) for organizations with multiple branch offices?

Answer 25

Centralized management and control

Question 26

27) Which type of firewall operates at the transport layer of the OSI model and can filter traffic based on source and destination IP addresses, as well as port numbers?

Answer 26

Stateful inspection firewall

Question 27

Which type of firewall hides the internal network structure and IP addresses from external networks by forwarding requests on behalf of clients and returning the results to the clients?

Answer 27

Proxy firewall

Question 28

29) What is a potential challenge or limitation associated with the use of a Web Application Firewall (WAF) in a secure architecture?

Answer 28

Inability to inspect encrypted traffic

Question 29

30) In a fully remote company, employees use a virtual private network (VPN) to connect to the corporate network securely. Which tunneling protocol is commonly used in this context to create a secure tunnel over the internet?

Answer 29

IPsec (Internet Protocol Security)

Question 29

What security mechanism is commonly employed to safeguard trade secret data during transmission over a network?

Answer 29

Transport Layer Security (TLS)

Question 29

Which of the following cryptographic protocols is commonly used for securing email communication?

Answer 29

RSA

Question 30

In a government agency, certain documents contain information critical to national security. Which sensitivity label is most appropriate for these documents?

Answer 30

Critical

Question 31

In a legal firm, there is a document containing client case details and confidential legal strategies. Access should be restricted to the legal team working on the specific cases. Which classification label is most appropriate for this document?

Answer 31

Confidential

Question 32

An IT department is planning for disaster recovery and business continuity. The company requires minimal downtime and can afford a short recovery time. Which site consideration is most appropriate for this scenario?

Answer 32

Hot site

Question 33

A research institution has sensitive data that requires protection, but the budget is limited. The institution can tolerate some downtime in the event of a disaster. Which site consideration is most appropriate for this scenario?

Answer 33

Cold site

Question 34

What is the primary objective of a failover test in a high-availability system?

Answer 34

To simulate the switch to backup systems in case of a primary system failure

Question 35

In a disaster recovery scenario, how do backup snapshots contribute to the restoration process?

Answer 35

By providing a point-in-time copy of data for quick recovery

Question 36

Which security measure is specifically designed to protect backup tapes during transportation?

Answer 36

Tape encryption

Question 37

Which cryptographic technique is commonly used to secure data during transit in backup operations?

Answer 37

Symmetric encryption

Question 38

When designing a backup and recovery strategy, what is the purpose of geographic diversity in backup storage locations?

Answer 38

Enhancing data resilience and availability

Question 39

What is a potential disadvantage of relying solely on a hot site for disaster recovery?

Answer 39

High costs associated with maintaining constant readiness

Question 40

An e-commerce website, the IT team is experiencing performance issues during peak hours. Which solution would be most effective in distributing incoming user requests and optimizing resource utilization?

Answer 40

Load Balancing

Question 41

A company’s critical database server needs to maintain high availability and fault tolerance. What solution would is recommended to achieve this goal?

Answer 41

Database Clustering

Question 42

An educational institution needs a disaster recovery solution that can be activated within a few days in case of a major disruption. Which site would be most appropriate for this scenario?

Answer 42

Warm Site

Question 43

A financial institution wants to ensure high availability for its critical applications and data by leveraging multiple cloud providers. What key benefit is the institution seeking from a multi-cloud approach?

Answer 43

Geographic Redundancy

Question 44

In a data center environment, why is it crucial to have a generator as part of the power infrastructure?

Answer 44

To provide temporary power during outages

Question 45

An organization wants to identify and respond to suspicious activities on the network in real-time, which security control should be implemented?

Answer 45

Intrusion Detection System (IDS)

Question 46

What is the primary benefit of implementing a DMZ in a network architecture?

Answer 46

Improved security for public-facing services

Question 47

An organization is implementing a high-availability solution for critical applications. What factor should be a top priority to ensure continuous availability?

Answer 47

Redundant power supplies